Security researcher Alessandro Brucato reports that the SCARLETEEL threat actors continue to attack cloud environments. Their targets have not changed, but they have adapted their tools and techniques to evade newer defenses, improving both their stealth and their resilience.
SCARLETEEL: Unleashing Havoc in Cloud Environments
In February 2023, Sysdig researchers first documented the SCARLETEEL campaign. They described an attack chain that exfiltrated proprietary data from AWS infrastructure and deployed cryptominers that consumed the compute resources of the compromised hosts.
In March, an investigation by Cado Security raised a possible connection between SCARLETEEL and the well-known TeamTNT cryptojacking group. Sysdig noted that it may instead be a case of another actor copying TeamTNT's tactics and techniques.
SCARLETEEL has recently sharpened its focus on AWS accounts, continuing its earlier pattern. The group exploits vulnerable web applications to gain persistent access, steals intellectual property, and runs cryptominers on Amazon's high-performance instances, a setup that could earn up to $4,000 per day.
The attack chain begins with Jupyter Notebook containers deployed in Kubernetes clusters. From this initial foothold the attackers survey the target network and obtain AWS credentials to extend the intrusion.
The attackers then install the AWS command line interface and the Pacu framework in preparation for further hostile actions. Notably, they use a variety of scripts to harvest AWS credentials, some of which specifically target workloads running on the AWS Fargate compute engine.
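Where a container picks up cloud credentials determines which hardening control applies, and it explains why the attackers needed separate scripts for Fargate: a Fargate task has no EC2 instance metadata service (IMDS) and instead receives its task-role credentials from the ECS agent endpoint advertised through AWS_CONTAINER_CREDENTIALS_RELATIVE_URI. The following Python is an added example for this page, not code from Sysdig or from the campaign itself. It mirrors the AWS SDK credential provider order to report which source a process inside a container would use, and audits `aws ec2 describe-instances` output for IMDS settings that leave instance-role credentials readable from a compromised container. The function names and the embedded sample JSON are assumptions constructed for the example; the instance IDs are placeholders.

```python
"""Added example: where do a container's AWS credentials come from, and is
the EC2 instance metadata service hardened against a compromised container?
This is illustrative code written for this page, not the attackers' tooling."""
import json

# Environment variables the AWS SDKs consult before falling back to IMDS.
STATIC_KEYS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")
ECS_CREDENTIAL_VARS = ("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI",
                       "AWS_CONTAINER_CREDENTIALS_FULL_URI")


def credential_source(env):
    """Follow the SDK provider order to report where a process in a
    container would obtain AWS credentials:
      'static-env'             long-lived keys in the environment
      'ecs-container-endpoint' task-role creds served by the ECS/Fargate
                               agent at 169.254.170.2 (no EC2 IMDS on Fargate)
      'imds'                   the EC2 instance role via 169.254.169.254
    """
    if all(env.get(k) for k in STATIC_KEYS):
        return "static-env"
    if any(env.get(k) for k in ECS_CREDENTIAL_VARS):
        return "ecs-container-endpoint"
    return "imds"


def audit_imds(describe_instances):
    """Walk parsed `aws ec2 describe-instances` JSON and return
    (instance_id, finding) pairs for IMDS settings that let a compromised
    container read the instance-role credentials."""
    findings = []
    for reservation in describe_instances.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            iid = inst["InstanceId"]
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint") == "disabled":
                continue  # no metadata service, nothing to read from it
            if opts.get("HttpTokens") != "required":
                findings.append((iid, "IMDSv1 allowed; set HttpTokens=required"))
            # With hop limit 1 the IMDSv2 token response cannot cross the extra
            # routed hop of a bridge/NAT container network.
            if opts.get("HttpPutResponseHopLimit", 1) > 1:
                findings.append((iid, "HttpPutResponseHopLimit > 1; containers "
                                      "behind a bridge network can reach IMDS"))
    return findings


# Constructed sample in the shape of `aws ec2 describe-instances --output json`.
# The instance IDs are placeholders for the example, not real resources.
SAMPLE_DESCRIBE_INSTANCES = json.loads("""
{
  "Reservations": [{"Instances": [
    {"InstanceId": "i-0aaaaaaaaaaaaaaaa",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                         "HttpPutResponseHopLimit": 2}},
    {"InstanceId": "i-0bbbbbbbbbbbbbbbb",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                         "HttpPutResponseHopLimit": 1}},
    {"InstanceId": "i-0ccccccccccccccccc",
     "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional",
                         "HttpPutResponseHopLimit": 64}}
  ]}]
}
""")

if __name__ == "__main__":
    print(credential_source({"AWS_CONTAINER_CREDENTIALS_RELATIVE_URI": "/v2/credentials/x"}))
    for iid, finding in audit_imds(SAMPLE_DESCRIBE_INSTANCES):
        print(iid, finding)
```

Two caveats for anyone turning this into a real check: requiring IMDSv2 with a hop limit of 1 only protects workloads that sit one routed hop away from the instance, so pods or containers running with host networking are not covered, and it does nothing for Fargate tasks, where the relevant controls are a tightly scoped task role and limiting which processes in the task can reach the container credentials endpoint.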
The attackers also go after container orchestration systems with Peirates, a Kubernetes penetration testing tool, and deploy the Pandora DDoS botnet malware, showing that they monetize compromised servers in more than one way.
According to the Sysdig analyst, SCARLETEEL actors routinely attack cloud infrastructure such as AWS and Kubernetes, and their preferred entry vector is exposed compute services and vulnerable applications. Their primary objective is stealing victims' intellectual property, even though crypto mining remains part of how they make money.