Cyber Resilience

Threat actor · all actors

TeamTNTG0139 unknown

aka TeamTNT

Last updated: 2026-07-03

1attributed CVEs
75ATT&CK techniques
4.3IDF score (tooling uniqueness)
1exclusive CVEs
2019years active

About this actor

[TeamTNT](https://attack.mitre.org/groups/G0139) is a threat group that has primarily targeted cloud and containerized environments. The group as been active since at least October 2019 and has mainly focused its efforts on leveraging cloud and container resources to deploy cryptocurrency miners in victim environments.(Citation: Palo Alto Black-T October 2020)(Citation: Lacework TeamTNT May 2021)(Citation: Intezer TeamTNT September 2020)(Citation: Cado Security TeamTNT Worm August 2020)(Citation: Unit 42 Hildegard Malware)(Citation: Trend Micro TeamTNT)(Citation: ATT TeamTNT Chimaera September 2020)(Citation: Aqua TeamTNT August 2020)(Citation: Intezer TeamTNT Explosion September 2021)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2019-5736 8.08.60.98572019-02-11see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-442 / 7556%
CM-641 / 7555%
AC-334 / 7545%
AC-632 / 7543%
CM-232 / 7543%
AC-231 / 7541%
CM-729 / 7539%
SI-328 / 7537%
SI-728 / 7537%
CA-726 / 7535%
IA-224 / 7532%
AC-523 / 7531%
SC-720 / 7527%
CM-518 / 7524%
AC-1717 / 7523%

Co-occurring actors

None.

Similar actors

Similar TTPs

Active in same years