{"id":43840,"date":"2021-11-11T00:00:00","date_gmt":"2021-11-11T00:00:00","guid":{"rendered":"urn:uuid:25af24ea-5b92-c4d5-e866-33577b2ffdf9"},"modified":"2021-11-11T00:00:00","modified_gmt":"2021-11-11T00:00:00","slug":"teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\/","title":{"rendered":"TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/k\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments-\/TeamTNT%20Upgrades%20Arsenal%20Refines%20Focus%20on%20Kubernetes%20and%20GPU%20Environments_641.jpg\">
<body class=\"articlepage page basicpage context-business\" id=\"readabilityBody\" readability=\"50.009150012039\"> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" 
role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"1432882632\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"9.2761780104712\">\n<div class=\"article-details\" role=\"heading\" readability=\"38.081151832461\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__description\">Using a new batch of campaign samples, we take a look at its more recent cybercrime contributions and compare them with its previous deployments to demonstrate the group\u2019s use of upgraded tools and payloads. <\/p>\n<p class=\"article-details__author-by\">By: David Fiser, Alfredo Oliveira <time class=\"article-details__date\">November 11, 2021<\/time> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div class=\"richText\" readability=\"50.726952980378\">\n<div readability=\"49.304701962236\">\n<p>In previous entries, we described how the&nbsp;<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/teamtnt-activities-probed\">hacking group&nbsp;TeamTNT<\/a>&nbsp;targeted&nbsp;<a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/20\/d\/exposed-redis-instances-abused-for-remote-code-execution-cryptocurrency-mining.html\">unsecured Redis instances<\/a>,&nbsp;<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/virtualization-and-cloud\/coinminer-ddos-bot-attack-docker-daemon-ports\">exposed Docker APIs<\/a>, and vulnerable&nbsp;<a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/e\/teamtnt-targets-kubernetes--nearly-50-000-ips-compromised.html\">Kubernetes clusters<\/a>&nbsp;in order to deploy&nbsp;cryptocurrency-mining&nbsp;payloads and&nbsp;<a 
href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/e\/teamtnt-extended-credential-harvester-targets-cloud-services-other-software.html\">credential stealers<\/a>.&nbsp;TeamTNT&nbsp;was one of the first cybercriminal groups to focus on cloud service providers (CSPs), specifically the metadata stored on elastic computing instances being run on cloud services.&nbsp;It is mainly engaged in the theft of environmental metadata used by CSPs. Because instance metadata and user data can\u2019t be authenticated or encrypted, it\u2019s important for users to avoid storing sensitive data in metadata fields, including secrets and CSP-related preauthorization data which can then be used in other services such as&nbsp;<a href=\"https:\/\/www.trendmicro.com\/en_us\/devops\/20\/h\/securing-weak-points-in-serverless.html\">serverless<\/a>&nbsp;deployments.<\/p>\n<p>If a running instance used by a CSP customer is not properly configured or has a security weakness such as exposed APIs or leaked credentials,&nbsp;malicious&nbsp;actors who are able to abuse these security flaws might be able to use other services as well. Therefore, it\u2019s important for organizations to safeguard critical&nbsp;<a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/f\/secure_secrets_managing_authentication_credentials.html\">authentication credentials<\/a>, or secrets, to ensure that they are out of cybercriminals\u2019 reach.<\/p>\n<p>Today,&nbsp;TeamTNT&nbsp;continues to actively exploit compromised cloud environments in its campaigns. 
Using a new batch of campaign samples, we&nbsp;take a look&nbsp;at its more recent cybercrime contributions and compare them with its previous deployments to demonstrate the group\u2019s use of upgraded tools and payloads.<\/p>\n<p><span class=\"body-subhead-title\">TeamTNT\u2019s&nbsp;upgraded arsenal<\/span><\/p>\n<p>What stands out from our analysis is that the samples obtained from&nbsp;TeamTNT\u2019s&nbsp;recent&nbsp;campaigns&nbsp;look more professionally developed than previous versions. The samples, which cover more corner cases and include bug fixes, show marked improvements in how the hacking group targets misconfigured Amazon Web Services (AWS) or Kubernetes services. With cybercriminals setting their sights on cloud deployments, it\u2019s important for cloud users to understand the importance of the shared responsibility model. Users play an important role in the overall security of their cloud environments. Cloud users are in charge of securing the data, platforms, applications, and operating systems that they run within their respective cloud services. Hence, they must also be aware of where to place critical data within the cloud environment for it not to be targeted by malicious actors.<\/p>\n<p>Rather than incorporating all-in-one samples with multiple functionalities,&nbsp;TeamTNT\u2019s&nbsp;attacks have become more modular. The samples have a defined scope and feature well-defined functions, showing how the group has evolved to apply a more targeted approach to its campaigns.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/k\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments-\/Fig%201_TeamTNT%20Upgrades%20Arsenal%20Refines%20Focus%20on%20Kubernetes%20and%20GPU%20Environments%20.png\" alt=\"TeamTNT\u2019s typical attack chain \"><figcaption>Figure 1. 
TeamTNT\u2019s typical attack chain <\/figcaption><\/figure>\n<\/p><\/div>\n<div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/k\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments-\/Fig%202_TeamTNT%20Upgrades%20Arsenal%20Refines%20Focus%20on%20Kubernetes%20and%20GPU%20Environments%20.jpg\" alt=\"An older version of TeamTNT\u2019s AWS credential stealer (left) compared with newer versions (middle and right) from instances that they have already compromised\"><figcaption>Figure 2. An older version of TeamTNT\u2019s AWS credential stealer (left) compared with newer versions (middle and right) <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"36.3\">\n<div readability=\"19.36\">\n<p>Earlier this year, we detailed how&nbsp;TeamTNT&nbsp;crafted a hard-coded shell script that targeted credentials from&nbsp;<a href=\"https:\/\/www.trendmicro.com\/en_ph\/research\/21\/c\/teamtnt-continues-attack-on-the-cloud--targets-aws-credentials.html\">vulnerable AWS instances<\/a>. Aside from AWS, we have also observed how&nbsp;TeamTNT&nbsp;has refined its development of tools specifically for one of its primary targets, Kubernetes.<\/p>\n<p>Figure 3 shows&nbsp;TeamTNT&nbsp;samples that target different Kubernetes environments, obtained in August and September 2021. These show that&nbsp;TeamTNT&nbsp;has developed multiple payloads for different targeted Kubernetes environments. 
Upon closer look, the payloads have minor changes specifically geared toward adapting a bit better to the infected environment: They are less noisy as they are less generic, and they change command-and-control addresses as they get updated.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/k\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments-\/Fig%203_TeamTNT%20Upgrades%20Arsenal%20Refines%20Focus%20on%20Kubernetes%20and%20GPU%20Environments%20.jpg\" alt=\"TeamTNT tools targeting Kubernetes environments using different payloads \"><figcaption>Figure 3. TeamTNT tools targeting Kubernetes environments using different payloads <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"36\">\n<div readability=\"17\">\n<p>Checking this trend with Shodan data, we see that&nbsp;TeamTNT\u2019s&nbsp;focus&nbsp;on Kubernetes deployments makes sense since the number of open and exposed Docker APIs has been decreasing. In September 2021, the number of exposed Docker APIs was 836, down from 7,276 12 months prior. Meanwhile, the number of vulnerable Kubernetes APIs has been increasing since June 2021. In September 2021, exposed Kubernetes APIs even reached 161,993.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/k\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments-\/Fig%204_TeamTNT%20Upgrades%20Arsenal%20Refines%20Focus%20on%20Kubernetes%20and%20GPU%20Environments%20.png\" alt=\"Shodan data showing a significant decrease in exposed Docker APIs from the latter part of 2020 to 2021 \"><figcaption>Figure 4. 
Shodan data showing a significant decrease in exposed Docker APIs from the latter part of 2020 to 2021 <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/k\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments-\/Fig%205_TeamTNT%20Upgrades%20Arsenal%20Refines%20Focus%20on%20Kubernetes%20and%20GPU%20Environments%20.png\" alt=\"Shodan data showing a significant increase in exposed Kubernetes APIs in 2021 \"><figcaption>Figure 5. Shodan data showing a significant increase in exposed Kubernetes APIs in 2021 <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"35\">\n<div readability=\"15\">\n<p>TeamTNT&nbsp;is also extending its focus on its mining hash rate by enhancing its chances to exploit devices equipped with GPUs by having toolsets designed for multiple GPU manufacturers. This is no surprise as the actual reward for mining&nbsp;monero&nbsp;cryptocurrency is getting lower. Thus, to mine the same amount of&nbsp;moneroj, a bigger contribution (with hashes provided) is needed, which in this case is indicated by the hash rate. Simply put, the bigger the hash rate, the higher the amount of money mined.&nbsp;&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/k\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments-\/Fig%206_TeamTNT%20Upgrades%20Arsenal%20Refines%20Focus%20on%20Kubernetes%20and%20GPU%20Environments%20.png\" alt=\"TeamTNT tools that target GPU environments \"><figcaption>Figure 6. 
TeamTNT tools that target GPU environments <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"44.285714285714\">\n<div readability=\"36.190476190476\">\n<p><span class=\"body-subhead-title\">Conclusion and security recommendations<\/span><\/p>\n<p>This entry highlights our three major observations on&nbsp;TeamTNT\u2019s&nbsp;recent campaigns. The first concerns the changes the group has employed in its arsenal development. Rather than using messy, all-in-one malicious files, its&nbsp;new-generation payloads&nbsp;seem to be more professionally developed and&nbsp;targeted, and&nbsp;generate less noise during infection by reducing the number of executions and deploying more accurately.<\/p>\n<p>Another crucial observation is that&nbsp;TeamTNT&nbsp;is developing more tools targeting Kubernetes. This is backed by in-the-wild Shodan data showing the number of exposed Kubernetes APIs. Because the hacking team has also mentioned the launch of a new Kubernetes campaign on its social media account, we highly recommend that Kubernetes users pay special attention to its deployments. However, despite&nbsp;TeamTNT\u2019s&nbsp;apparent preference for exposed Kubernetes APIs, it still targets CSPs.<\/p>\n<p>The final point is that the payloads now identify GPU-based environments and deploy specific payloads to&nbsp;target instances running in CSPs, taking advantage of their computational power to generate more cryptocurrency by illicit means.&nbsp;&nbsp;<\/p>\n<p>With organizations relying on cloud services now more than ever, attacks targeting cloud services are likely to become more ubiquitous and sophisticated in the coming years. 
To keep systems and services protected against evolving threats, organizations should create strong security policies that highlight the&nbsp;<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/virtualization-and-cloud\/cloud-security-key-concepts-threats-and-solutions\">shared responsibility model<\/a>&nbsp;and&nbsp;the&nbsp;<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/virtualization-and-cloud\/securing-the-4-cs-of-cloud-native-systems-cloud-cluster-container-and-code%22%20\/l%20%22:~:text=The%20principle%20of%20least%20privilege,to%20carry%20out%20their%20tasks.\">principle of least privilege<\/a>. It is also a good practice to encrypt metadata or use obfuscated or otherwise non-sensitive metadata to ensure that critical data is kept secure. AWS provides a detailed example of encrypting metadata with the <a href=\"https:\/\/docs.aws.amazon.com\/glue\/latest\/dg\/encrypt-glue-data-catalog.html\">AWS Glue Data Catalog<\/a> and a listing of <a href=\"https:\/\/docs.aws.amazon.com\/govcloud-us\/latest\/UserGuide\/using-services.html\">ITAR-controlled data<\/a> related to each AWS service. 
<\/p>\n<p>Organizations can also benefit from prioritizing continuous monitoring and auditing, and regularly patching and updating their systems.<\/p>\n<p><span class=\"body-subhead-title\">Indicators of compromise<\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/k\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-env.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Using a new batch of campaign samples, we take a look at its more recent cybercrime contributions and compare them with its previous deployments to demonstrate the group\u2019s use of upgraded tools and payloads. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":43841,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9520,9511,9509],"class_list":["post-43840","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cloud","tag-trend-micro-research-cyber-threats","tag-trend-micro-research-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-11T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments.png\" \/>\n\t<meta property=\"og:image:width\" content=\"468\" \/>\n\t<meta property=\"og:image:height\" content=\"214\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments\",\"datePublished\":\"2021-11-11T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\\\/\"},\"wordCount\":1357,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments.png\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Cloud\",\"Trend Micro Research : Cyber Threats\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\\\/\",\"name\":\"TeamTNT Upgrades Arsenal, Refines Focus on 
Kubernetes and GPU Environments 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments.png\",\"datePublished\":\"2021-11-11T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments.png\",\"width\":468,\"height\":214},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments
\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\/","og_locale":"en_US","og_type":"article","og_title":"TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-11-11T00:00:00+00:00","og_image":[{"width":468,"height":214,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments","datePublished":"2021-11-11T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\/"},"wordCount":1357,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments.png","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Cloud","Trend Micro Research : Cyber Threats","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\/","url":"https:\/\/www.threatshub.org\/blog\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\/","name":"TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments.png","datePublished":"2021-11-11T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments.png","width":468,"height":214},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-environments\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, 
Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43840","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=43840"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43840\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/43841"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=43840"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=43840"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=43840"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}