Cloud Threat Landscape

Incidents
Actors
Techniques
Defenses
Tools
Targeted Technologies
Posters & Newspapers
About
RSS
STIX
Back to wiz.io

Cloud Threat Landscape

/

/

Create new cloud user

Create new cloud user

Tags

Cloud

ATT&CK Tactic

Persistence (TA0003)

Incidents

RBAC Buster SIM-Swap to Data Leak on Dark Web DangerDev SES abuse incident S3 data exfiltration Leaked long-lived AWS creds ScarletEel campaign (Feb ‘23)ScarletEel campaign (July ‘23)S3 RansomOp following long-term key exposure Scattered Spider SaaS targeting (2023)Phishing campaign leading to Azure account takeover From stolen cloud key to persistence-as-a-service GENESIS PANDA's Cloud Intrusions: Persistent Control Plane Exploitation and Access Brokerage TruffleNet Campaign Exploits AWS SES for Large-Scale Cloud Abuse and BEC Fraud Cloud-Native Phishing Infrastructure via Abused AWS WorkMail

References

https://securitylabs.datadoghq.com/articles/following-attackers-trail-in-aws-methodology-findings-in-the-wild/

Last edited

May 19, 2024 10:07 AM

Status

Stub

Defenses

Cloud Log monitoring

Made with 💙 by Wiz

Last Updated: April 3, 2025

Create new cloud user