Adept Libra

Threat Actor updated a month ago (2024-11-29T14:00:55.939Z)
Adept Libra, also known as TeamTNT, is a malicious threat actor that has been active in cybersecurity breaches since at least July 2021. The group is known for its innovative use of tools such as LaZagne to steal passwords from various operating systems, including Linux distributions in cloud-based environments. This was notably observed during the Chimaera campaign. In December 2021, Adept Libra continued its nefarious activities by exploiting LaZagne to steal passwords from a WordPress site hosted in a Kubernetes environment.

The group's modus operandi includes targeting vulnerable Redis instances and deploying worm-like operations. However, it differentiates itself from other threat actors like Thief Libra (aka WatchDog), Automated Libra (aka PurpleUrchin), Money Libra (aka Kinsing), and others, through its unique infection vectors. For instance, unlike the P2PInfect worm that exploits Redis through CVE-2022-0543, Adept Libra's methods are not commonly found among other cryptojacking-focused worms known to target Redis instances.

Despite the similarities in attack patterns with other groups, there are no confirmed links between Adept Libra and other threat actor groups known for targeting Redis and deploying worms. This suggests that Adept Libra operates independently, further complicating efforts to predict and prevent their attacks. It is crucial for organizations to stay vigilant and maintain robust security measures to mitigate the potential risks posed by this threat actor.
Description last updated: 2024-05-04T22:47:20.205Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description: TeamTNT is a possible alias for Adept Libra. TeamTNT is a prominent threat actor known for executing sophisticated attacks with malicious intent, primarily focusing on cryptojacking - the unauthorized use of victims' IT resources to mine cryptocurrency. The group's Hildegard malware has been identified as one of the most complex attacks target
Votes: 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Redis
Associated Malware
Alias Description: The P2pinfect Malware is associated with Adept Libra. P2Pinfect is a form of malware, malicious software designed to infiltrate and damage computer systems or devices without the user's knowledge. It can enter your system through suspicious downloads, emails, or websites and once inside, it has the ability to steal personal information, disrupt operati
Association Type: Unspecified
Votes: 2
Associated Threat Actors
Alias Description: The Thief Libra Threat Actor is associated with Adept Libra. Thief Libra, also known as WatchDog, is a threat actor identified in the cybersecurity world for its malicious activities. The group's operations involve exploiting vulnerabilities to execute actions with harmful intent. A notable aspect of Thief Libra's modus operandi involves targeting Redis insta
Association Type: Unspecified
Votes: 2