After gaining a foothold in a Kubernetes cluster, the malware attempted to spread to as many containers as possible and eventually launched cryptojacking operations. Based on the tactics, techniques and procedures (TTPs) that the attackers used, Unit 42 researchers believe this is a new campaign from TeamTNT. Researchers refer to this new malware as Hildegard, the username of the tmate account that the malware used.