Type
Incident
Actors
Unknown
Pub. date
January 31, 2024
Initial access
Exposed secret
Impact
Resource hijacking
Observed techniques
Cloud API enumerationCreate new cloud userCreate or modify firewall or security group rulesLaunch new cloud resourcesEvasive username patternsDomain registration abuseSES abuse for spam or phishingAttach administrative role to accountShare compromised resources to an external accountPolicy simulationModify existing IAM user or roleCloud compute cryptojacking
Targeted technologies
Amazon SES
References
https://www.invictus-ir.com/news/the-curious-case-of-dangerdev-protonmail-mehttps://twitter.com/frichette_n/status/1752751624315933020
Status
Stub
Last edited
Jun 2, 2024 8:02 AM