ShinyHunters, Nemesis Linked to Hacks After Leaking Their AWS S3 Bucket

| Attribute | Details |
| --- | --- |
| Threat Actors | ShinyHunters, Nemesis |
| Campaign Overview | Large-scale hacking operation exploiting millions of websites, stealing 2+ terabytes of sensitive data, and targeting cloud environments. |
| Target Regions | Global reach, attacks originating from a French-speaking country, notable activity in AWS infrastructure, affected customers worldwide. |
| Methodology | Automated exploitation using Python, PHP, ffuf, httpx, Shodan; searching AWS IP address ranges; reverse lookups across millions of targets. |
| Product Targeted | AWS services, databases, Git repositories, SMTP/SMS services, social media accounts, cryptocurrency wallets, trading platforms. |
| Malware Reference | Tools associated with ShinyHunters and Nemesis; S3 bucket misconfiguration exploited for data storage and retrieval. |
| Tools Used | Python, PHP, ffuf, httpx, Shodan, AWS IP ranges, custom tools documented in French, shared S3 bucket infrastructure. |
| Vulnerabilities Exploited | Misconfigured AWS S3 bucket, unsecured cloud storage, database access flaws, stolen credentials for cloud services, phishing vulnerabilities. |
| TTPs | Reverse lookups, automated scanning and exploitation, data storage in open S3 buckets, leveraging stolen AWS keys, marketplace trading for stolen credentials. |
| Attribution | Linked to ShinyHunters and Nemesis groups; discovered by researchers Noam Rotem and Ran Locar; collaboration with the AWS Fraud Team. |
| Recommendations | Strong cybersecurity practices, proper cloud environment configurations, protection against misconfigurations, continuous monitoring, AWS security best practices. |
| Source | Hackread |

Read full article: https://hackread.com/shinyhunters-nemesis-hacks-aws-s3-bucket-leak/

Disclaimer: The above summary has been generated by an AI language model
