Researchers have discovered that a financially motivated threat actor called ScarletEel has been infiltrating Amazon Web Services (AWS) environments for a range of malicious activities, including stealing credentials and intellectual property, deploying crypto mining software, and carrying out distributed denial-of-service (DDoS) attacks.
The existence of ScarletEel was initially disclosed in a blog post by cloud security firm Sysdig in February. The group demonstrates a strong understanding of AWS tools and effectively maneuvers within cloud environments using native AWS functionality. By gaining the appropriate access, ScarletEel executes a dual strategy of planting crypto mining software while simultaneously pilfering intellectual property.
Recent analysis conducted by Sysdig reveals that ScarletEel continues to refine its tactics and evade cloud security detection mechanisms. The threat actor has expanded its capabilities to target AWS Fargate, a relatively unexplored compute engine. Furthermore, ScarletEel has incorporated DDoS-as-a-service into its range of exploitation techniques.
Alessandro Brucato, a threat research engineer for Sysdig, explains that ScarletEel has become more adept at understanding the victim’s environment and has improved its ability to exploit vulnerabilities while evading defensive security measures implemented by customers.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents