Type: Incident
Actors: SeaTurtle
Pub. date: June 5, 2023
Initial access: Exposed secret
Impact: Unknown
Observed techniques: Create or modify firewall or security group rules
References: https://www.crowdstrike.com/cloud-risk-report/
Status: Finalized
Last edited: Jun 2, 2024 8:02 AM
According to CrowdStrike research, in one incident Cosmic Wolf compromised a target organization's cloud environment using a stolen credential. The actor used the credential to authenticate through a CLI, then modified security group settings to allow shell access to machines in the environment.