Massive AWS access key database leveraged in ransomware campaign

More than 158 million AWS secret key records, including 1,229 unique AWS key pairs, have been discovered on an internet-exposed server exploited by a still-unknown threat actor to facilitate highly automated ransomware attacks, according to Cybernews.

While most of the key pairs have already been rotated, active pairs allowed the discovery of encrypted S3 buckets with ransom demands valued at almost $25,000 in Bitcoin per victim, reported Cybernews researchers. The attackers, who leveraged AWS's server-side encryption to conceal malicious activity, may have amassed the massive AWS key collection by gathering keys leaked in public code repositories, targeting password managers and cloud dashboards, exploiting Continuous Integration/Continuous Deployment tools and misconfigured web app files, and targeting inactive identity and access management users, said researchers.

"This is a rare and potentially unprecedented case of a coordinated extortion campaign leveraging leaked AWS credentials to apply server-side encryption (SSE-C) on data stored in S3 buckets, without owner interaction or realization," said cybersecurity researcher Bob Diachenko.
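For defenders whose buckets have no legitimate use for SSE-C, the following added example (not from Cybernews or the original article) audits a bucket policy document for a statement that denies uploads carrying SSE-C headers, using the S3 condition key `s3:x-amz-server-side-encryption-customer-algorithm`. The helper names, the bucket name and both sample policies are constructed for illustration.

```python
import fnmatch
import json

SSEC_KEY = "s3:x-amz-server-side-encryption-customer-algorithm"

def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _is_public_deny(st):
    principal = st.get("Principal")
    everyone = principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS")))
    return st.get("Effect") == "Deny" and everyone

def _covers_put_object(st):
    # Action names are case-insensitive and may contain * and ? wildcards.
    return any(fnmatch.fnmatchcase("s3:putobject", str(a).lower())
               for a in _as_list(st.get("Action")))

def _matches_only_ssec_requests(st):
    # "Null": {key: "false"} matches requests in which the key is present,
    # i.e. uploads that carry SSE-C headers. Any additional operator or key
    # would narrow the deny, so it is treated as not covering the case.
    cond = st.get("Condition") or {}
    if set(cond) != {"Null"}:
        return False
    tests = {k.lower(): [str(v).lower() for v in _as_list(vals)]
             for k, vals in cond["Null"].items()}
    return tests == {SSEC_KEY: ["false"]}

def denies_ssec_uploads(policy_json):
    """True if a statement denies PutObject with SSE-C headers for everyone.
    Resource scope, NotAction and NotPrincipal are not evaluated here."""
    policy = json.loads(policy_json)
    return any(_is_public_deny(st) and _covers_put_object(st)
               and _matches_only_ssec_requests(st)
               for st in _as_list(policy.get("Statement")))

# Constructed sample policies; "example-bucket" is a placeholder name.
HARDENED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "DenySSECUploads", "Effect": "Deny", "Principal": "*",
    "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*",
    "Condition": {"Null": {SSEC_KEY: "false"}}}]})
# Same statement with "true": it blocks uploads WITHOUT SSE-C instead.
INVERTED = HARDENED.replace('"false"', '"true"')

if __name__ == "__main__":
    print("hardened:", denies_ssec_uploads(HARDENED))
    print("inverted:", denies_ssec_uploads(INVERTED))
```

A `True` result only shows that the deny statement exists; whether its `Resource` covers every object in the bucket still has to be checked separately.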
