Attackers Use Stolen AWS Credentials in Cryptomining Campaign
Threat actors wielding stolen AWS Identity and Access Management (IAM) credentials leverage Amazon EC and EC2 infrastructure across multiple customer environments.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Threat actors wielding stolen AWS Identity and Access Management (IAM) credentials leverage Amazon EC and EC2 infrastructure across multiple customer environments.
Exposed data from LockBit's affiliate panel includes Bitcoin addresses, private chats with victim organizations, and user information such as credentials.
The sneaky malware packs capabilities for system reconnaissance as well as credential and cryptocurrency theft.
The malware substitutes genuine apps with compromised versions, enabling attackers to pilfer credentials and recovery phrases, thus gaining access to wallets and their contents.
Admins need to patch immediately, as the prolific cybercrime group pivots from cryptomining to going after cloud secrets and credentials.
A criminal crowd-sourcing campaign has led to swift adoption of the stealer, which can pilfer key computer data, credentials from browsers and chat apps, and cryptocurrency from multiple wallets.
Some employees' personal data was leaked, but the company responded swiftly to a socially engineered incident that gained access to legitimate employee login credentials.
The credential-phishing attack leverages social engineering and brand impersonation techniques to lead users to a spoofed MetaMask verification page.