Tag: aws

An attacker exploited the Atlassian Confluence vulnerability CVE-2023-22527 to achieve remote code execution for cryptomining via the Titan Network. The malicious actor gathered system details using public IP lookup services and various commands. Multiple shell scripts were downloaded and executed …

CERT-UA has uncovered a new malicious email campaign targeting Ukrainian government agencies, enterprises, and military entities. The campaign uses RDP configuration files to establish remote connections, enabling data theft and further malware deployment. Attributed to UAC-0215 and linked to APT29…

This report discusses malicious Golang ransomware samples that exploit Amazon S3's Transfer Acceleration feature to exfiltrate victims' data and upload it to attacker-controlled S3 buckets. The samples contained hard-coded AWS credentials linked to compromised accounts, allowing the researchers to …

A sophisticated Android spyware campaign targeting South Koreans has been uncovered by Cyble Research and Intelligence Labs. Active since June 2024, the malware exploits an Amazon AWS S3 bucket as its Command and Control server to exfiltrate sensitive personal data including SMS messages, contacts,…

Unit 42 researchers uncovered an extortion campaign that compromised and extorted multiple victim organizations by leveraging exposed environment variable files containing sensitive credentials. The campaign involved setting up attack infrastructure within victims' Amazon Web Services (AWS) environ…

ReversingLabs' researchers discovered a malicious package named legacyreact-aws-s3-typescript on the npm repository. It mimicked a popular legitimate package, react-aws-s3-typescript, designed to facilitate file uploads to Amazon S3 Buckets. Initially, the package appeared benign, but a later versi…