ADVERTISEMENT

Monitoring tool abused to spy on victims’ cloud infrastructure

Server rack with blue and red internet patch cord cables connected to black patch panel in data serv
Sep 16, 2020 Updated: 28 September 2021 3 min read

What happened? 

Weave Scope is a powerful utility, giving the attackers access to all information about the victim’s server environment with the ability to control them including: installed applications, connection between the cloud workloads, use of the memory and CPU, and a list of existing containers with the ability to start, stop, and open interactive shells in any of these containers. By installing a legitimate tool such as Weave Scope the attackers reap all the benefits as if they had installed a backdoor on the server, with significantly less effort and without needing to use malware.
ADVERTISEMENT

Some background on TeamTNT?

How to defend against TeamTNT’s ongoing malicious activity

ADVERTISEMENT