Hosted on MSN

AWS systems targeted by crypto mining scam using hijacked IAM credentials

Attackers used stolen high‑privilege IAM credentials to rapidly deploy large‑scale cryptomining on EC2 and ECS They launched GPU‑heavy auto‑scaling groups, malicious Fargate containers, new IAM users, ...
CSOonline

ECScape: New AWS ECS flaw lets containers hijack IAM roles without breaking out

Naor Haziz’s discovery shows how a compromised container on EC2-backed ECS tasks can impersonate the ECS agent and steal IAM credentials from other tasks—without host access. At Black Hat USA 2025, ...
Dark Reading

Attackers Use Stolen AWS Credentials in Cryptomining Campaign

Attackers have been using compromised AWS Identity and Access Management (IAM) credentials to target cloud services in a sprawling cryptomining campaign that can deploy unauthorized miners 10 minutes ...
TechRadar

Red Hat hackers Crimson Collective are now going after AWS instances

Crimson Collective hackers target AWS using exposed credentials to escalate privileges and exfiltrate data Attackers use TruffleHog to find secrets, then create IAM users and access keys via API Red ...