Tags
Cloud
ATT&CK Tactic
Persistence (TA0003)
Incidents
RBAC BusterSIM-Swap to Data Leak on Dark WebDangerDev SES abuse incidentS3 data exfiltrationLeaked long-lived AWS credsScarletEel campaign (Feb ‘23)ScarletEel campaign (July ‘23)S3 RansomOp following long-term key exposureScattered Spider SaaS targeting (2023)Phishing campaign leading to Azure account takeoverFrom stolen cloud key to persistence-as-a-serviceGENESIS PANDA's Cloud Intrusions: Persistent Control Plane Exploitation and Access Brokerage
References
https://securitylabs.datadoghq.com/articles/following-attackers-trail-in-aws-methodology-findings-in-the-wild/
Last edited
May 19, 2024 10:07 AM
Status
Stub
Defenses
Cloud Log monitoring