Misconfigured cloud instances have once again enabled cybercriminals to steal sensitive data, including credentials, API keys, and proprietary source code. This time, numerous Amazon Web Services (AWS) users fell victim, highlighting a lack of understanding regarding the shared responsibility model in cloud infrastructure.
Discovery of Vulnerabilities
Independent security researchers Noam Rotem and Ran Loncar uncovered open flaws in public websites in August 2024. These flaws could be exploited to access sensitive customer data, infrastructure credentials, and proprietary source code.
Data Exploitation and Sale on Telegram
Further investigation revealed that French-speaking threat actors, potentially linked to hacker groups Nemesis and ShinyHunters, scanned “millions of websites” for vulnerabilities. By exploiting these flaws, they harvested an array of sensitive information, including:
- AWS customer keys and secrets
- Database credentials and data
- Git repository data and source code
- SMTP credentials for email sending
- API keys for services like Twilio, Binance, and SendGrid
- SSH credentials
[…]