Type
Campaign
Actors
ScarletEel
Pub. date
July 11, 2023
Initial access
Web vulnerability, Software misconfig
Impact
Resource hijacking, Data exfiltration, Denial of service
Observed techniques
Cloud compute cryptojacking, Create new cloud user, Disable logging, IMDS abuse, Public exposure abuse
Observed tools
XMRig
Targeted technologies
Kubernetes, AWS Fargate, Docker
References
https://sysdig.com/blog/scarleteel-2-0/
Status
Finalized
Last edited
Jun 2, 2024 11:57 AM
In July 2023, details of recent activities related to ScarletEel were published, showing how the attacker's capabilities have advanced over time. The threat actors expanded their arsenal to include new tools and a C2 infrastructure, making their activity more difficult to detect. They typically gain access by exploiting vulnerable open compute services and vulnerable applications. While they continue to focus on financial gain through crypto mining, they also remain interested in intellectual property theft.