Cosmic Wolf cloud activity

Type

Incident

Actors

🐢SeaTurtle

Pub. date

June 5, 2023

Initial access

Exposed secret

Impact

Unknown

Observed techniques

Create or modify firewall or security group rules

References

https://www.crowdstrike.com/cloud-risk-report/

Status

Finalized

Last edited

Jun 2, 2024 8:02 AM

According to CrowdStrike research, in a certain incident Cosmic Wolf compromised a target organization’s cloud environment using a stolen credential. They used this to authenticate using a CLI and modified security group settings to allow shell access to machines in the environment.