Uptime Hamster: 0d 0h 0mDeploy: 5 Jul 2026 10:25Updated: 2026-07-10
Logo del actor de amenaza SCARLETEEL

SCARLETEEL

0 incidentes 0 paises 0 sectores apt RU Ultimo: -
Ver en IntelTracker → APTTrail →
SCARLETEEL is a financially motivated threat actor first documented in February 2023, primarily targeting cloud environments to steal proprietary software, intellectual property, and credentials, often using cryptomining as a diversionary tactic. The group is assessed with high confidence to be of Russian origin, indicated by exfiltration to Russian S3-compatible storage. This group is distinguished by its deep understanding of cloud mechanics, specifically within AWS and Kubernetes, employing specialized open-source tools and custom scripts to exploit containerized workloads and evade detection, a notable evolution from general cryptojacking campaigns to more focused data theft and DDoS-as-a-service operations. While some analyses have suggested potential methodological similarities with TeamTNT, there is no confirmed alias or direct association.
Tecnicas MITRE
T1078.001, T1078, T1105, T1102.001, T1046
Tipo
apt
Pais origen
RU
Motivacion
-
Impacto
6
Actualizado
Sat, 11 No

Sectores objetivo (SOCRadar)

Information ServicesData Processing ServicesOther Information ServicesComputer Systems Design Services