Site navigation

Thousands of Credentials Stolen in Global Windows and Linux Hack

Victoria Roberts


Windows and Linux hack
A group of hackers, known as TeamTNT, were behind a campaign called Chimaera which stole confidential usernames and passwords.

TeamTNT, the hackers involved in this latest high-profile cyberattack, have been tracking the number of infected global devices, which totals in the thousands. 

The campaign, Chimaera, which was made public yesterday by AT&T Alien Labs, has been in operation since July. 

Windows users have been attacked, alongside various Linux distributions including Alpine, AWS, Docker and Kubernetes. 

Many of the malware samples that researchers collected show that no viruses were detected in systems, while others showed only low detection rates.

This is worrying news for users of these systems, who are being advised to monitor network traffic, outbound port scans and unreasonable bandwidth usage for possible infection. 

An innovative new open source tool was used to collect the data from devices. The tool, known as Lazagne, can work on multiple web operating systems and collects stored credentials from applications. 

Ofer Caspi, a security researcher at Alien Labs, said, “The use of open-source tools like Lazagne allows TeamTNT to stay below the radar, making it more difficult for anti-virus companies to detect.”


TeamTNT are a group known to focus on stealing Cloud system credentials, using infected systems for cryptocurrency mining and spreading malware to other vulnerable systems. 

The hacking group used a number of different tools to complete the hack, including port scanners and systems to install bots and download files. 

The tools used had the capacity to disable or uninstall security products on infected machines. 

To infect Windows systems, the attackers implemented a malicious script into the device that automatically downloads all the tools needed to mine data.

Researchers have urged organisations to keep software updated and maintain minimal exposure to the internet on Linux servers.

Victoria Roberts

Staff Writer

Latest News

Cybersecurity Finance
Cybersecurity Editor's Picks
Climate Editor's Picks Energy Featured
%d bloggers like this: