Type
Incident
Actors
Pub. date
June 5, 2023
Initial access
Exposed secret
Impact
Unknown
Observed techniques
Status
Finalized
Last edited
Jun 2, 2024 8:02 AM
According to CrowdStrike research, in a certain incident Cosmic Wolf compromised a target organization’s cloud environment using a stolen credential. They used this to authenticate using a CLI and modified security group settings to allow shell access to machines in the environment.