TeamTNT
TeamTNT is a threat group that has primarily targeted cloud and containerized environments. The group has been active since at least October 2019 and has mainly focused its efforts on leveraging cloud and container resources to deploy cryptocurrency miners in victim environments.
Attribution signal
Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.
Thresholds: ≥ 10 High · ≥ 3 Moderate · < 3 Low
Score: 1.9
Low signal strength
Mentions: 3
Sources: 1
High conf.: 2
Last seen: Jun 2026
First observed
2021-10-01
Last active
—
Origin
Unknown — financially motivated cybercriminal group
Aliases
1
Techniques
0
Campaigns
0
Attribution signals
3 mentions · 1 source
#1 · known to · high
Victimology · TTP match
xforce
Jun 2026
"TeamTNT is known to attack cloud services with intent to steal credentials, perform cryptojacking, or install backdoors."
#2 · used by · high
Malware
xforce
Jun 2026
"Trend Micro has published an analysis of a shell script used by TeamTNT to steal AWS credentials."
#3 · low
TTP match
wiz-research
May 2026
Hedge terms observed
known to · used by