Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For Years
Cado Labs' honeypot infrastructure was recently compromised by a complex and multi-stage cryptojacking attack.
Although the attack utilised many TeamTNT TTPs, It is assessed with high confidence that the group WatchDog is continuing to repurpose TeamTNT payloads - as they've done in the past.
The attack targets exposed Docker Engine API endpoints and Redis servers, and can propagate in a worm-like fashion.
Several sophisticated techniques were employed, including timestomping, process hiding and exploitation of a misconfigured Redis database that leaves it vulnerable to remote code execution.
Featured Resources
blog
Get Ready to Get MCPwned — Cymulate’s Elite CTF on Securing the Model Context Protocol
When AI agents meet the real world, every protocol becomes a potential attack vector. That’s the big idea behind MCPwned,
CUSTOMERS
How a Retail Organization Became 12x Faster at Assessing Security Controls with Cymulate
Challenge This retail organization has a presence in 34 countries and over 5,800 stores. Its security team uses various controls
blog
Ransomware Detection Techniques: A Smarter Approach to Staying Ahead of Attacks
Ransomware attacks continue to rise in both volume and sophistication, crippling organizations, exfiltrating sensitive data and costing billions annually in