TeamTNT was a threat actor highly skilled at compromising cloud environments. Its attacks used never-before-seen techniques and exploits, because TeamTNT developed its own toolbox rather than relying on the same techniques used by many other threat actors. After operating this way for almost two years, TeamTNT called it quits in November 2021. The threat actor subsequently ceased to develop and deploy new malware. That said, it did not take down its infrastructure, leaving its existing malware to continue spreading.
However, while the two other attacks infect victims' systems to mine cryptocurrency, the Kangaroo attack does something of the opposite. It uses infected environments to run a solver algorithm meant to break the SECP256K1 encryption that underlies Bitcoin. Breaking this encryption with today's computers is considered a virtually impossible task, but the Kangaroo attack tasks compromised environments with doing so anyway. The solver algorithm splits the job into smaller tasks, enabling TeamTNT to potentially leverage a lot of stolen computing power simultaneously by distributing different chunks to each system compromised by the attack. Even so, breaking Bitcoin's encryption in this way is still highly unlikely, making this particular attack seem somewhat strange. It is not clear what the motive or intention behind this particular attack is.
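To make the scale argument concrete, the following added example (not code from TeamTNT's tooling or from the original article) runs a chunked Pollard-kangaroo style discrete-log search in a toy group and estimates the per-host work for a full 256-bit range. It assumes, from the attack's name, that the solver is of this kind; the toy group, key range and all function names are constructed for illustration.

```python
import math

# Toy group (constructed): integers mod the prime 2**31 - 1 with generator 7
# stand in for the secp256k1 curve; the key range below is also made up.
P, G = 2**31 - 1, 7
JUMPS = [2**i for i in range(13)]            # jump sizes, mean ~630
STEP = [pow(G, s, P) for s in JUMPS]         # G**s for each jump size

def kangaroo(h, lo, hi):
    """Return x with G**x % P == h when the walks meet, else None."""
    y, d_tame = pow(G, hi, P), 0
    for _ in range(8 * sum(JUMPS) // len(JUMPS)):   # tame walk from known hi
        i = y % len(JUMPS)
        y, d_tame = y * STEP[i] % P, d_tame + JUMPS[i]
    trap = y                                 # trap == G**(hi + d_tame)
    y, d_wild = h, 0                         # wild walk from the unknown x
    while d_wild <= hi - lo + d_tame:
        if y == trap:                        # x + d_wild == hi + d_tame
            return hi + d_tame - d_wild
        i = y % len(JUMPS)
        y, d_wild = y * STEP[i] % P, d_wild + JUMPS[i]
    return None                              # probabilistic: a walk can miss

def split(lo, hi, workers):
    """Cut [lo, hi] into one chunk per host; the last chunk takes any remainder."""
    size = (hi - lo + 1) // workers
    return [(lo + k * size, hi if k == workers - 1 else lo + (k + 1) * size - 1)
            for k in range(workers)]

def distributed_solve(h, lo, hi, workers=8):
    for chunk in split(lo, hi, workers):     # sequential here, parallel in practice
        x = kangaroo(h, *chunk)              # may also catch a key just above chunk
        if x is not None:
            return x
    return None

def per_host_work_bits(range_bits, workers):
    """log2 of group operations per host, on the order of 2*sqrt(range/workers)."""
    return (range_bits - math.log2(workers)) / 2 + 1

if __name__ == "__main__":
    lo = 1_000_000
    secret = lo + 5_000_123                  # constructed "private key"
    print(distributed_solve(pow(G, secret, P), lo, lo + 2**23 - 1) == secret)
    print(per_host_work_bits(256, 2**20))    # full 256-bit range, ~1M hosts
```

The 23-bit toy range falls in milliseconds, but for a chunked split like this one a million hosts only lower the per-host cost of a 256-bit range from about 2^129 to about 2^119 group operations.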