
FortiGuard Labs Links New EC2 Grouper Hackers to AWS Credential Exploits

Threat Actors: EC2 Grouper, a threat actor group targeting AWS credentials and tools.

Campaign Overview: Frequent exploitation of AWS credentials using distinct patterns and reliance on APIs for reconnaissance and attacks.

Target Regions (or Victims): Organizations with AWS cloud environments; observed in several customer environments.

Methodology:
• Credential compromise via code repositories tied to valid accounts.
• Use of AWS tools like PowerShell and APIs.
• Security group naming conventions like “ec2group12345”.

Product Targeted: AWS cloud infrastructure, including EC2, VPC, and Internet Gateway.

Malware Reference: No malware explicitly referenced; attacks focus on API misuse and credential exploitation.

Tools Used:
• AWS tools (e.g., PowerShell).
• APIs for reconnaissance and resource provisioning.

Vulnerabilities Exploited:
• Misconfigured AWS servers.
• Exposed credentials in code repositories.

TTPs:
• API-based attacks.
• Avoidance of manual activity.
• No inbound access configurations observed.
• Use of unique naming conventions.

Attribution: Linked to consistent patterns in AWS tool usage and credential exploitation methods.

Recommendations:
• Use Cloud Security Posture Management (CSPM) tools.
• Monitor for credential misuse and suspicious API activity.
• Implement anomaly detection for unusual behaviour in the cloud environment.
• Avoid exposing sensitive credentials in code repositories.

Source: Hackread
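Two of the indicators above (the "ec2group" security-group naming convention and provisioning activity with no inbound access configuration) can be turned into a simple CloudTrail check. The following is an added example for defenders, not code from FortiGuard Labs or the article; the events are constructed sample records shaped like CloudTrail entries, and the set of provisioning API names is an assumption drawn from the resources the summary lists (EC2, VPC, Internet Gateway).

```python
import re
from collections import defaultdict

# Constructed sample CloudTrail records for illustration (not real logs).
# Field names follow the CloudTrail schema; access key IDs are placeholders.
SAMPLE_EVENTS = [
    {"eventTime": "2025-01-02T10:00:00Z", "eventName": "CreateSecurityGroup",
     "userIdentity": {"accessKeyId": "AKIA_EXAMPLE_1"},
     "requestParameters": {"groupName": "ec2group12345"}},
    {"eventTime": "2025-01-02T10:00:05Z", "eventName": "CreateVpc",
     "userIdentity": {"accessKeyId": "AKIA_EXAMPLE_1"}, "requestParameters": {}},
    {"eventTime": "2025-01-02T10:00:09Z", "eventName": "CreateInternetGateway",
     "userIdentity": {"accessKeyId": "AKIA_EXAMPLE_1"}, "requestParameters": {}},
    {"eventTime": "2025-01-02T10:00:20Z", "eventName": "RunInstances",
     "userIdentity": {"accessKeyId": "AKIA_EXAMPLE_1"}, "requestParameters": {}},
    # A normal deployment: descriptive group name and an explicit ingress rule.
    {"eventTime": "2025-01-02T11:00:00Z", "eventName": "CreateSecurityGroup",
     "userIdentity": {"accessKeyId": "AKIA_EXAMPLE_2"},
     "requestParameters": {"groupName": "web-prod-sg"}},
    {"eventTime": "2025-01-02T11:00:10Z", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"accessKeyId": "AKIA_EXAMPLE_2"}, "requestParameters": {}},
    {"eventTime": "2025-01-02T11:00:30Z", "eventName": "RunInstances",
     "userIdentity": {"accessKeyId": "AKIA_EXAMPLE_2"}, "requestParameters": {}},
]

# Naming convention reported in the summary: "ec2group" followed by digits.
GROUP_NAME_PATTERN = re.compile(r"^ec2group\d+$")
# Assumed set of provisioning calls matching the resources the summary names.
PROVISIONING_CALLS = {"CreateSecurityGroup", "CreateVpc",
                      "CreateInternetGateway", "RunInstances"}


def flag_group_names(events):
    """Return (accessKeyId, groupName) for security groups matching the pattern."""
    hits = []
    for e in events:
        if e.get("eventName") != "CreateSecurityGroup":
            continue
        name = e.get("requestParameters", {}).get("groupName", "")
        if GROUP_NAME_PATTERN.match(name):
            hits.append((e["userIdentity"]["accessKeyId"], name))
    return hits


def provisioning_without_ingress(events):
    """Access keys that provisioned resources but never authorized inbound access."""
    calls = defaultdict(set)
    for e in events:
        calls[e["userIdentity"]["accessKeyId"]].add(e["eventName"])
    return sorted(key for key, names in calls.items()
                  if names & PROVISIONING_CALLS
                  and "AuthorizeSecurityGroupIngress" not in names)
```

Either function can be pointed at a CloudTrail export (one JSON record per event) to produce a shortlist of access keys for anomaly review; both heuristics are corroborating signals, not proof on their own.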

Read full article: https://hackread.com/fortiguard-labs-ec2-grouper-aws-credential-exploits/

The above summary has been generated by an AI language model


Source: Hackread

Published on: January 4, 2025
