When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
JavaGhost
The attacks start with the group obtaining peoplesAWSaccess keys.
This gives them access to Amazon Simple Email Service (SES) and WorkMail services.
This tactic has historically been exploited by Scattered Spider."
After confirming the access, the attackers would create a temporary account and enter the console.
“The unused IAM users seem to serve as long-term persistence mechanisms.”
