Summary:
- Extortion Attack: A sophisticated extortion scheme has targeted 110,000 domains by exploiting misconfigured AWS .env files. Attackers replaced S3-stored data with ransom notes.
- Exploited Vulnerabilities: The campaign involved scanning for exposed cloud access keys, using API calls to enumerate IAM users, and escalating permissions via newly created IAM roles.
- Automated Scanning: Attackers employed AWS Lambda functions for automated scanning, highlighting advanced tactics in their operation.
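
An added detection example, not taken from the original article: it walks CloudTrail records per access key and flags keys that move from IAM user enumeration to role creation, policy attachment and Lambda function creation in order. The CloudTrail event names chosen for each stage, the one-hour window, the `find_chains` and `rec` helpers and the sample records are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Ordered stages; event names are an assumed mapping, the summary names no API calls.
STAGES = [
    ("enumerate", {"ListUsers"}),
    ("create_role", {"CreateRole"}),
    ("attach_policy", {"AttachRolePolicy", "PutRolePolicy"}),
    ("lambda", {"CreateFunction20150331"}),
]

def parse_time(record):
    return datetime.strptime(record["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def find_chains(records, window=timedelta(hours=1), min_stages=3):
    """Map access key id -> ordered stages reached within `window` of the first stage."""
    by_key = defaultdict(list)
    for record in records:
        key = record.get("userIdentity", {}).get("accessKeyId")
        if key:  # events made by AWS services carry no access key
            by_key[key].append(record)
    hits = {}
    for key, recs in by_key.items():
        best, reached, start = [], [], None
        for record in sorted(recs, key=parse_time):
            t = parse_time(record)
            if start and t - start > window:
                reached, start = [], None  # stale chain, start over
            nxt = len(reached)
            if nxt < len(STAGES) and record["eventName"] in STAGES[nxt][1]:
                start = start or t
                reached = reached + [STAGES[nxt][0]]
                best = max(best, reached, key=len)
        if len(best) >= min_stages:
            hits[key] = best
    return hits

def rec(time, name, key):  # builds a minimal constructed CloudTrail record
    return {"eventTime": time, "eventName": name, "userIdentity": {"accessKeyId": key}}

SAMPLE = [  # constructed records, not real log data
    rec("2024-01-01T10:00:20Z", "ListUsers", "KEY-A"),
    rec("2024-01-01T10:02:00Z", "CreateRole", "KEY-A"),
    rec("2024-01-01T10:02:30Z", "AttachRolePolicy", "KEY-A"),
    rec("2024-01-01T10:05:00Z", "CreateFunction20150331", "KEY-A"),
    rec("2024-01-01T09:00:00Z", "CreateRole", "KEY-B"),  # deploy job, no enumeration
    rec("2024-01-01T08:00:00Z", "ListUsers", "KEY-C"),   # role created 3 h later
    rec("2024-01-01T11:00:00Z", "CreateRole", "KEY-C"),
]
```

The ordering is strict and keyed on a single access key, so chains split across several keys are missed; tune the window and stage list against your own CloudTrail baseline.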
Read more at: The Register