Amazon Stymies APT29 Credential Theft Campaign
A group linked to Russian intelligence services redirected victims to fake Cloudflare verification pages and exploited Microsoft's device code authentication flow.
Amazon provides cloud and online services whose vulnerabilities, security advisories, and supply-chain risks can affect users and organizations.
Search across headline titles and summaries.
Background for this topic.
Amazon provides a large-scale cloud computing platform and an extensive e-commerce marketplace, both widely used across industries. Its cloud services offer infrastructure for hosting applications, storing data, and managing complex workflows, while its marketplace facilitates transactions between millions of buyers and sellers. These environments involve diverse user roles, APIs, and integrations with third-party services, creating multiple points of interaction and potential exposure.
Security risks include misconfigured cloud resources, such as storage buckets or access policies that unintentionally allow public or excessive permissions, leading to data exposure or unauthorized use. The e-commerce platform faces threats like account takeovers targeting customer or seller accounts, and fraud exploiting payment or order systems. Mitigating these risks requires strict identity and access management controls, continuous monitoring for unusual activity, and thorough validation of third-party components to prevent exploitation within Amazon’s complex ecosystem.
A group linked to Russian intelligence services redirected victims to fake Cloudflare verification pages and exploited Microsoft's device code authentication flow.
Researcher: Internal Data Belonging to World’s Largest Lender Exposed on AWSNavy Federal, the world’s largest credit union, left hundreds of gigabytes of internal backup files exposed on Amazon’s cloud storage service, says cybersecurity researcher Jeremiah Fowler. Exposed data included email addresses, hashed passwords and what appeared to be internal system data.
The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens for hundreds of online services that customers can integrate with Salesloft, including Slack, Google Workspace, Amazon S3, Microsoft Azure, and OpenAI.
Researchers have disrupted an operation attributed to Russian state-sponsored threat group Midnight Blizzard, who sought access to Microsoft 365 accounts and data. [...]
The campaign shows APT29’s intentions to “cast a wider net in their intelligence collection efforts,” said Amazon