MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
aws
Recherche

110K Domains Targeted in 'Sophisticated' AWS Cloud Extortion Campaign

jeudi 22 août 2024, 04:15 , par Slashdot
A sophisticated extortion campaign has targeted 110,000 domains by exploiting misconfigured AWS environment files, security firm Cyble reports. The attackers scanned for exposed.env files containing cloud access keys and other sensitive data. Organizations that failed to secure their AWS environments found their S3-stored data replaced with ransom notes.

The attackers used a series of API calls to verify data, enumerate IAM users, and locate S3 buckets. Though initial access lacked admin privileges, they created new IAM roles to escalate permissions. Cyble researchers noted the attackers' use of AWS Lambda functions for automated scanning operations.

Read more of this story at Slashdot.
https://it.slashdot.org/story/24/08/22/0214202/110k-domains-targeted-in-sophisticated-aws-cloud-exto...

Voir aussi

News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
dim. 22 déc. - 07:53 CET