Type: Incident
Actors:
Pub. date: July 28, 2020
Initial access: Unknown
Impact: Resource hijacking
Status: Stub
Last edited: Jun 2, 2024 11:58 AM
Over the July 4th holiday weekend, Expel’s SOC spotted a coin-mining attack in a customer’s Amazon Web Services (AWS) environment. The attacker compromised the root IAM user access key and used it to enumerate the environment and spin up ten (10) c5.4xlarge EC2 instances to mine Monero.
https://expel.com/blog/behind-the-scenes-expel-soc-alert-aws/