
‘Codefinger’ hackers encrypting Amazon cloud storage buckets

Threat Actors: Codefinger

Campaign Overview: Hackers are targeting Amazon Web Services (AWS) S3 buckets, encrypting customer data using AWS’s own encryption tools, and demanding ransom payments to unlock the data.

Target Regions (Victims): AWS customers, particularly software developers

Methodology:
• Steal AWS account credentials and encryption keys.
• Use AWS’s server-side encryption with customer-provided keys (SSE-C) to encrypt data.
• Demand ransom for keys.

Product Targeted: AWS S3 Buckets, Customer Data

Malware Reference: Ransomware using AWS’s native encryption tools

Tools Used: Amazon Web Services (AWS) server-side encryption with customer-provided keys (SSE-C)

Vulnerabilities Exploited: Exposed AWS credentials and keys, improperly secured S3 buckets

TTPs:
• Stealing AWS credentials
• Encrypting data using AWS’s own encryption tools
• Ransom demand with file deletion threat in 7 days

Attribution: The attack is attributed to Codefinger.

Recommendations:
• Secure AWS credentials and keys.
• Avoid storing credentials in source code or configuration files.
• Use AWS support for affected accounts.

Source: The Record

Read full article: https://therecord.media/hackers-encrypting-amazon-cloud-buckets

The above summary has been generated by an AI language model
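
The Methodology and TTPs entries above describe object writes made with SSE-C. The following added example (not from The Record article or from AWS) shows one way a defender could flag such writes in CloudTrail S3 data events. It assumes data-event logging is enabled and that records follow CloudTrail's usual S3 layout, including the `x-amz-server-side-encryption-customer-algorithm` request parameter and the `SSEApplied` field; the ARNs, bucket name and threshold are constructed.

```python
from collections import Counter

SSEC_HEADER = "x-amz-server-side-encryption-customer-algorithm"
WRITE_EVENTS = {"PutObject", "CopyObject", "CreateMultipartUpload", "UploadPart"}

def is_ssec_write(event):
    """True if an S3 object write carried a customer-provided key (SSE-C)."""
    if event.get("eventSource") != "s3.amazonaws.com":
        return False
    if event.get("eventName") not in WRITE_EVENTS:
        return False  # reads of SSE-C objects also carry the header; ignore them
    params = event.get("requestParameters") or {}
    extra = event.get("additionalEventData") or {}
    return SSEC_HEADER in params or extra.get("SSEApplied") == "SSE_C"

def ssec_writers(events, threshold=2):
    """Count SSE-C writes per (principal, bucket); keep pairs at or over threshold."""
    counts = Counter()
    for ev in events:
        if is_ssec_write(ev):
            arn = (ev.get("userIdentity") or {}).get("arn", "unknown")
            bucket = (ev.get("requestParameters") or {}).get("bucketName", "unknown")
            counts[(arn, bucket)] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}

def _event(name, arn, bucket, key, ssec=False):
    """Build a constructed CloudTrail-style record (sample data, not a real log)."""
    params = {"bucketName": bucket, "key": key}
    extra = {"SSEApplied": "Default_SSE_S3"}
    if ssec:
        params[SSEC_HEADER] = "AES256"
        extra = {"SSEApplied": "SSE_C"}
    return {"eventSource": "s3.amazonaws.com", "eventName": name,
            "userIdentity": {"arn": arn}, "requestParameters": params,
            "additionalEventData": extra}

# Constructed sample: a build role writing normally, and a second principal
# writing objects with a customer-provided key.
CI = "arn:aws:iam::111122223333:role/ci-build"
LEAKED = "arn:aws:iam::111122223333:user/dev-laptop"
SAMPLE_EVENTS = [
    _event("PutObject", CI, "example-artifacts", "build/1.zip"),
    _event("PutObject", LEAKED, "example-artifacts", "build/1.zip", ssec=True),
    _event("PutObject", LEAKED, "example-artifacts", "build/2.zip", ssec=True),
    _event("GetObject", LEAKED, "example-artifacts", "build/3.zip", ssec=True),
]

if __name__ == "__main__":
    for (arn, bucket), n in ssec_writers(SAMPLE_EVENTS).items():
        print(f"ALERT {n} SSE-C writes to {bucket} by {arn}")
```

In an account that never uses SSE-C legitimately, a threshold of 1 is reasonable, since any such write is unexpected.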


Source: The Record

Published on: January 15, 2025
