AWS environments under threat from Crimson Collective

Date: 2025-10-09

Amazon Web Services cloud environments have been subjected to attacks by the Crimson Collective hacking operation as part of a data extortion campaign, reports BleepingComputer. After discovering internet-exposed AWS credentials with the open-source TruffleHog tool and creating new IAM users and login profiles, Crimson Collective, which recently admitted to having compromised 570 GB of data from Red Hat's GitLab repositories, moves to escalate privileges and obtain complete AWS control, according to a Rapid7 analysis. Attackers then use the total AWS compromise to enumerate users, instances, buckets, apps, and clusters prior to Relational Database Service master password alteration and exportation for subsequent data exfiltration activities. Such activity from Crimson Collective, which was noted to involve various IP addresses, should prompt the adoption of short-term, least-privilege credentials and stringent IAM policies, said AWS. AWS S3 buckets were previously reported by Halcyon to have been encrypted as part of Codefinger ransomware attacks.
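
The sequence described above can be hunted for in CloudTrail. The following is an added example, not code from BleepingComputer, Rapid7 or AWS: it groups management events by originating principal, attributes activity by newly created IAM users back to whoever created them, and flags chains that combine IAM persistence with later stages. The event selection, stage names, threshold and sample records are assumptions of this example.

```python
from collections import defaultdict
# Stage per CloudTrail event; the selection is this example's, not Rapid7's or AWS's.
STAGES = {
    "iam": {"CreateUser": "persistence", "CreateLoginProfile": "persistence",
            "AttachUserPolicy": "privilege_escalation", "ListUsers": "enumeration"},
    "ec2": {"DescribeInstances": "enumeration"}, "s3": {"ListBuckets": "enumeration"},
    "rds": {"DescribeDBInstances": "enumeration",
            "CreateDBSnapshot": "rds_export", "StartExportTask": "rds_export"},
}

def stage_of(ev):
    service, name = ev["eventSource"].split(".")[0], ev["eventName"]
    if (service, name) == ("rds", "ModifyDBInstance"):
        # Only a master password change counts, not every modification.
        params = ev.get("requestParameters") or {}
        return "rds_password_reset" if "masterUserPassword" in params else None
    return STAGES.get(service, {}).get(name)

def suspicious_chains(events, min_stages=3):
    """Map each flagged originating principal to its stages and source IPs."""
    root = {}  # ARN of a user created mid-chain -> principal that created it
    seen = defaultdict(lambda: {"stages": set(), "ips": set()})
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        ident, stage = ev["userIdentity"], stage_of(ev)
        if stage is None or ev.get("errorCode"):
            continue  # unrelated or failed call
        actor = root.get(ident["arn"], ident["arn"])
        if ev["eventName"] == "CreateUser":  # assumes the default "/" path
            name = ev["requestParameters"]["userName"]
            root[f"arn:aws:iam::{ident['accountId']}:user/{name}"] = actor
        seen[actor]["stages"].add(stage)
        seen[actor]["ips"].add(ev["sourceIPAddress"])
    return {a: v for a, v in seen.items()
            if "persistence" in v["stages"] and len(v["stages"]) >= min_stages}

def _ev(minute, user, ip, service, name, params=None):  # constructed record
    ident = {"arn": f"arn:aws:iam::111122223333:user/{user}", "accountId": "111122223333"}
    return {"eventTime": f"2025-01-01T00:{minute:02d}:00Z", "sourceIPAddress": ip,
            "eventSource": f"{service}.amazonaws.com", "eventName": name,
            "requestParameters": params, "userIdentity": ident}

SAMPLE = [  # constructed events, not taken from the campaign
    _ev(1, "ci-deploy", "198.51.100.7", "iam", "CreateUser", {"userName": "svc-bak"}),
    _ev(2, "ci-deploy", "198.51.100.7", "iam", "CreateLoginProfile", {"userName": "svc-bak"}),
    _ev(3, "ci-deploy", "203.0.113.9", "iam", "AttachUserPolicy", {"userName": "svc-bak"}),
    _ev(4, "svc-bak", "192.0.2.44", "rds", "ModifyDBInstance", {"masterUserPassword": "****"}),
    _ev(5, "svc-bak", "192.0.2.44", "rds", "CreateDBSnapshot"),
    _ev(6, "dba", "192.0.2.10", "rds", "ModifyDBInstance", {"allocatedStorage": 200}),
]
```

Calling `suspicious_chains(SAMPLE)` flags only the `ci-deploy` principal, with the `svc-bak` activity and all three source IPs folded into its chain; the routine `dba` storage change is ignored.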
