Section | Details |
---|---|
Threat Actors | Codefinger |
Campaign Overview | Hackers are targeting Amazon Web Services (AWS) S3 buckets, encrypting customer data using AWS’s own encryption tools, and demanding ransom payments to unlock the data. |
Target Regions (Victims) | AWS customers, particularly software developers |
Methodology | • Steal AWS account credentials and encryption keys. • Use AWS’s server-side encryption with customer-provided keys (SSE-C) to encrypt data. • Demand ransom for keys. |
Product Targeted | AWS S3 Buckets, Customer Data |
Malware Reference | Ransomware using AWS’s native encryption tools |
Tools Used | Amazon Web Services (AWS) server-side encryption with customer-provided keys (SSE-C) |
Vulnerabilities Exploited | Exposed AWS credentials and keys, improperly secured S3 buckets |
TTPs | • Stealing AWS credentials • Encrypting data using AWS’s own encryption tools • Ransom demand with a threat to delete files in 7 days |
Attribution | The attack is attributed to Codefinger. |
Recommendations | • Secure AWS credentials and keys. • Avoid storing credentials in source code or configuration files. • Use AWS support for affected accounts. |
Source | The Record |
Read full article: https://therecord.media/hackers-encrypting-amazon-cloud-buckets
The above summary has been generated by an AI language model