A financially motivated threat actor of Indonesian origin has been observed leveraging Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instances to carry out illicit crypto mining operations.
The group’s primary mission is to create EC2 instances to facilitate their crypto mining activities, the researchers write.
In many cases, the profits they make from crypto mining are just a sliver of the expense the victim organizations have to pay for running the EC2 instance hosting the malicious code in order to support their illegal mining operations.
According to the research, the group starts by gaining AWS Console access through a web browser and then using privilege escalation and an internal reconnaissance to review all available S3 buckets and determine the services that are accessible via the AWS web console.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply