| Section | Details |
|---|---|
| Threat Actors | Codefinger |
| Campaign Overview | Hackers are targeting Amazon Web Services (AWS) S3 buckets, encrypting customer data using AWS’s own encryption tools, and demanding ransom payments to unlock the data. |
| Target Regions (Victims) | AWS customers, particularly software developers |
| Methodology | • Steal AWS account credentials and encryption keys. • Use AWS’s server-side encryption with customer-provided keys (SSE-C) to encrypt data. • Demand ransom for keys. |
| Product Targeted | AWS S3 Buckets, Customer Data |
| Malware Reference | Ransomware using AWS’s native encryption tools |
| Tools Used | Amazon Web Services (AWS) server-side encryption with customer-provided keys (SSE-C) |
| Vulnerabilities Exploited | Exposed AWS credentials and keys, improperly secured S3 buckets |
| TTPs | • Stealing AWS credentials • Encrypting data using AWS’s own encryption tools • Ransom demand with file deletion threat in 7 days |
| Attribution | The attack is attributed to Codefinger. |
| Recommendations | • Secure AWS credentials and keys. • Avoid storing credentials in source code or configuration files. • Use AWS support for affected accounts. |
| Source | The Record |

Read full article: https://therecord.media/hackers-encrypting-amazon-cloud-buckets

The above summary has been generated by an AI language model.