SCARLETEEL
0 incidentes
0 paises
0 sectores
apt RU Ultimo: -
SCARLETEEL is a financially motivated threat actor first documented in February 2023, primarily targeting cloud environments to steal proprietary software, intellectual property, and credentials, often using cryptomining as a diversionary tactic. The group is assessed with high confidence to be of Russian origin, indicated by exfiltration to Russian S3-compatible storage. This group is distinguished by its deep understanding of cloud mechanics, specifically within AWS and Kubernetes, employing specialized open-source tools and custom scripts to exploit containerized workloads and evade detection, a notable evolution from general cryptojacking campaigns to more focused data theft and DDoS-as-a-service operations. While some analyses have suggested potential methodological similarities with TeamTNT, there is no confirmed alias or direct association.
Sectores objetivo (SOCRadar)
Information ServicesData Processing ServicesOther Information ServicesComputer Systems Design Services