Tag: aws
5 attack reports | 0 vulnerabilities
Attack reports
Malicious RDP Files Identified in Latest Attack on Ukrainian Entities
CERT-UA has uncovered a new malicious email campaign targeting Ukrainian government agencies, enterprises, and military entities. The campaign uses RDP configuration files to establish remote connections, enabling data theft and further malware deployment. Attributed to UAC-0215 and linked to APT29…
Downloadable IOCs 0
Fake LockBit Real Damage Ransomware Samples Abuse AWS S3 to Steal Data
This report discusses malicious Golang ransomware samples that exploit Amazon S3's Transfer Acceleration feature to exfiltrate victims' data and upload it to attacker-controlled S3 buckets. The samples contained hard-coded AWS credentials linked to compromised accounts, allowing the researchers to …
Downloadable IOCs 39
New Android Spyware Campaign Targets South Koreans via AWS
A sophisticated Android spyware campaign targeting South Koreans has been uncovered by Cyble Research and Intelligence Labs. Active since June 2024, the malware exploits an Amazon AWS S3 bucket as its Command and Control server to exfiltrate sensitive personal data including SMS messages, contacts,…
Downloadable IOCs 7
Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments
Unit 42 researchers uncovered an extortion campaign that compromised and extorted multiple victim organizations by leveraging exposed environment variable files containing sensitive credentials. The campaign involved setting up attack infrastructure within victims' Amazon Web Services (AWS) environ…
Downloadable IOCs 37
Malicious npm package targets AWS users
ReversingLabs' researchers discovered a malicious package named legacyreact-aws-s3-typescript on the npm repository. It mimicked a popular legitimate package, react-aws-s3-typescript, designed to facilitate file uploads to Amazon S3 Buckets. Initially, the package appeared benign, but a later versi…
Downloadable IOCs 3
Malicious RDP Files Identified in Latest Attack on Ukrainian Entities
CERT-UA has uncovered a new malicious email campaign targeting Ukrainian government agencies, enterprises, and military entities. The campaign uses RDP configuration files to establish remote connections, enabling data theft and further malware deployment. Attributed to UAC-0215 and linked to APT29…
Downloadable IOCs 0
Fake LockBit Real Damage Ransomware Samples Abuse AWS S3 to Steal Data
This report discusses malicious Golang ransomware samples that exploit Amazon S3's Transfer Acceleration feature to exfiltrate victims' data and upload it to attacker-controlled S3 buckets. The samples contained hard-coded AWS credentials linked to compromised accounts, allowing the researchers to …
Downloadable IOCs 39
New Android Spyware Campaign Targets South Koreans via AWS
A sophisticated Android spyware campaign targeting South Koreans has been uncovered by Cyble Research and Intelligence Labs. Active since June 2024, the malware exploits an Amazon AWS S3 bucket as its Command and Control server to exfiltrate sensitive personal data including SMS messages, contacts,…
Downloadable IOCs 7
Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments
Unit 42 researchers uncovered an extortion campaign that compromised and extorted multiple victim organizations by leveraging exposed environment variable files containing sensitive credentials. The campaign involved setting up attack infrastructure within victims' Amazon Web Services (AWS) environ…
Downloadable IOCs 37
Malicious npm package targets AWS users
ReversingLabs' researchers discovered a malicious package named legacyreact-aws-s3-typescript on the npm repository. It mimicked a popular legitimate package, react-aws-s3-typescript, designed to facilitate file uploads to Amazon S3 Buckets. Initially, the package appeared benign, but a later versi…
Downloadable IOCs 3
Malicious RDP Files Identified in Latest Attack on Ukrainian Entities
CERT-UA has uncovered a new malicious email campaign targeting Ukrainian government agencies, enterprises, and military entities. The campaign uses RDP configuration files to establish remote connections, enabling data theft and further malware deployment. Attributed to UAC-0215 and linked to APT29…
Downloadable IOCs 0
Fake LockBit Real Damage Ransomware Samples Abuse AWS S3 to Steal Data
This report discusses malicious Golang ransomware samples that exploit Amazon S3's Transfer Acceleration feature to exfiltrate victims' data and upload it to attacker-controlled S3 buckets. The samples contained hard-coded AWS credentials linked to compromised accounts, allowing the researchers to …
Downloadable IOCs 39
New Android Spyware Campaign Targets South Koreans via AWS
A sophisticated Android spyware campaign targeting South Koreans has been uncovered by Cyble Research and Intelligence Labs. Active since June 2024, the malware exploits an Amazon AWS S3 bucket as its Command and Control server to exfiltrate sensitive personal data including SMS messages, contacts,…
Downloadable IOCs 7
Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments
Unit 42 researchers uncovered an extortion campaign that compromised and extorted multiple victim organizations by leveraging exposed environment variable files containing sensitive credentials. The campaign involved setting up attack infrastructure within victims' Amazon Web Services (AWS) environ…
Downloadable IOCs 37
Malicious npm package targets AWS users
ReversingLabs' researchers discovered a malicious package named legacyreact-aws-s3-typescript on the npm repository. It mimicked a popular legitimate package, react-aws-s3-typescript, designed to facilitate file uploads to Amazon S3 Buckets. Initially, the package appeared benign, but a later versi…
Downloadable IOCs 3
Malicious RDP Files Identified in Latest Attack on Ukrainian Entities
CERT-UA has uncovered a new malicious email campaign targeting Ukrainian government agencies, enterprises, and military entities. The campaign uses RDP configuration files to establish remote connections, enabling data theft and further malware deployment. Attributed to UAC-0215 and linked to APT29…
Downloadable IOCs 0
Fake LockBit Real Damage Ransomware Samples Abuse AWS S3 to Steal Data
This report discusses malicious Golang ransomware samples that exploit Amazon S3's Transfer Acceleration feature to exfiltrate victims' data and upload it to attacker-controlled S3 buckets. The samples contained hard-coded AWS credentials linked to compromised accounts, allowing the researchers to …
Downloadable IOCs 39
New Android Spyware Campaign Targets South Koreans via AWS
A sophisticated Android spyware campaign targeting South Koreans has been uncovered by Cyble Research and Intelligence Labs. Active since June 2024, the malware exploits an Amazon AWS S3 bucket as its Command and Control server to exfiltrate sensitive personal data including SMS messages, contacts,…
Downloadable IOCs 7
Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments
Unit 42 researchers uncovered an extortion campaign that compromised and extorted multiple victim organizations by leveraging exposed environment variable files containing sensitive credentials. The campaign involved setting up attack infrastructure within victims' Amazon Web Services (AWS) environ…
Downloadable IOCs 37
Malicious npm package targets AWS users
ReversingLabs' researchers discovered a malicious package named legacyreact-aws-s3-typescript on the npm repository. It mimicked a popular legitimate package, react-aws-s3-typescript, designed to facilitate file uploads to Amazon S3 Buckets. Initially, the package appeared benign, but a later versi…
Downloadable IOCs 3
Malicious RDP Files Identified in Latest Attack on Ukrainian Entities
CERT-UA has uncovered a new malicious email campaign targeting Ukrainian government agencies, enterprises, and military entities. The campaign uses RDP configuration files to establish remote connections, enabling data theft and further malware deployment. Attributed to UAC-0215 and linked to APT29…
Downloadable IOCs 0
Fake LockBit Real Damage Ransomware Samples Abuse AWS S3 to Steal Data
This report discusses malicious Golang ransomware samples that exploit Amazon S3's Transfer Acceleration feature to exfiltrate victims' data and upload it to attacker-controlled S3 buckets. The samples contained hard-coded AWS credentials linked to compromised accounts, allowing the researchers to …
Downloadable IOCs 39
New Android Spyware Campaign Targets South Koreans via AWS
A sophisticated Android spyware campaign targeting South Koreans has been uncovered by Cyble Research and Intelligence Labs. Active since June 2024, the malware exploits an Amazon AWS S3 bucket as its Command and Control server to exfiltrate sensitive personal data including SMS messages, contacts,…
Downloadable IOCs 7
Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments
Unit 42 researchers uncovered an extortion campaign that compromised and extorted multiple victim organizations by leveraging exposed environment variable files containing sensitive credentials. The campaign involved setting up attack infrastructure within victims' Amazon Web Services (AWS) environ…
Downloadable IOCs 37
Malicious npm package targets AWS users
ReversingLabs' researchers discovered a malicious package named legacyreact-aws-s3-typescript on the npm repository. It mimicked a popular legitimate package, react-aws-s3-typescript, designed to facilitate file uploads to Amazon S3 Buckets. Initially, the package appeared benign, but a later versi…
Downloadable IOCs 3