Threat Intel · HIGH

Threat Intel - AiTM Phishing Kit Hijacks AWS Accounts

Source: Help Net Security
Tags: AWS, AiTM phishing kit, malware campaign, HR departments, cybersecurity

In short: attackers are using a proxying (adversary-in-the-middle) phishing kit to capture AWS sign-in credentials, and with them the victim's AWS account.

Quick Summary

Attackers are using an adversary-in-the-middle (AiTM) phishing kit to hijack AWS accounts. Separately, a malware campaign that has run for about a year is targeting HR departments and recruiters, putting sensitive employee data at risk. Both call for prompt hardening: phishing-resistant sign-in for AWS, and endpoint detection that does not depend solely on the antivirus the malware is built to disable.

The Threat

A sophisticated AiTM phishing kit has recently emerged that is built specifically to hijack AWS accounts. The attackers send fake security-alert emails that look like they come from AWS; the links lead to a clone of the AWS sign-in page. Unlike a static credential-harvesting page, an AiTM kit proxies the victim's input to the genuine sign-in flow in real time, so whatever the victim enters, including a one-time code or a push approval, completes a legitimate login whose session the attacker now holds. Once the victim submits their credentials, the attackers have access almost immediately: in one instance, a compromised account was accessed within 20 minutes of credential submission.

In addition to this phishing threat, a malware campaign that has been running for about a year is targeting HR departments and job recruiters. It is notable for its stealth: purpose-built modules evade antivirus and endpoint detection software, and the attackers have operated under the radar, making the intrusion hard for organizations to detect.

Who's Behind It

The AiTM phishing kit is attributed to a group of cybercriminals whose tradecraft has grown increasingly sophisticated. They register typosquatted domains (names a character or a token away from the hostnames AWS actually uses) and host convincing replicas of legitimate sites on them, exploiting the trust that users place in familiar platforms like AWS.

The year-long malware campaign is attributed to Russian-speaking attackers who have shown considerable skill at avoiding detection. The focus on HR departments suggests a deliberate choice of target: HR staff and recruiters routinely open documents sent by strangers, and their systems hold sensitive employee data, so a foothold there serves both data theft and further attacks within the organization.

Tactics & Techniques

The tactics work because they exploit what users expect to see. The AiTM kit relies on high-fidelity clones of the legitimate sign-in page, which greatly raises the chance that a user enters their credentials. The lure emails are crafted with social engineering in mind, posing as official security alerts from AWS so that the recipient feels pressure to sign in and check.
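The typosquatted domains and cloned sign-in pages described above can be caught before the click with a lookalike check on each link's host. The following is an added example, not code from the Help Net Security article or from AWS: a triage helper that a mail gateway or a user-reported-phish script could run. It treats only amazon.com and amazonaws.com as genuine AWS sign-in domains (an assumption; adjust for your own allowlist), and every hostname in SAMPLE_LINKS is constructed for illustration under the reserved .example TLD.

```python
"""Lookalike check for links that claim to be AWS sign-in pages (added example)."""
from urllib.parse import urlsplit

# Registrable domains that genuine AWS console / sign-in hosts live under
# (signin.aws.amazon.com, *.console.aws.amazon.com, *.amazonaws.com). Assumption.
AWS_DOMAINS = {"amazon.com", "amazonaws.com"}
# Tokens attackers reuse to make a foreign domain look like AWS.
BRAND_TOKENS = ("amazon", "aws", "signin", "console")
# Labels an attacker might misspell; checked by edit distance.
BRAND_LABELS = ("amazon", "amazonaws")


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Assumption: the last two labels form the registrable domain. Without a
    public-suffix list this misjudges two-level TLDs such as co.uk, which would
    matter for amazon.co.uk but not for the sign-in hosts checked here."""
    return ".".join(host.split(".")[-2:])


def classify_link(url: str) -> dict:
    """Return legitimate / lookalike / unrelated for the URL's hostname, with reasons."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    if registrable_domain(host) in AWS_DOMAINS:
        return {"host": host, "verdict": "legitimate", "reasons": []}
    reasons = []
    if any(lbl.startswith("xn--") for lbl in labels):
        reasons.append("punycode label, possible homoglyph of an ASCII brand name")
    hits = [tok for tok in BRAND_TOKENS if tok in host]
    if hits:
        # The classic trick: the real host string as a subdomain of a foreign domain.
        reasons.append(f"brand tokens {hits} on a domain AWS does not own")
    for lbl in labels:
        for brand in BRAND_LABELS:
            if lbl != brand and levenshtein(lbl, brand) <= 2:
                reasons.append(f"label {lbl!r} is within edit distance 2 of {brand!r}")
    verdict = "lookalike" if reasons else "unrelated"
    return {"host": host, "verdict": verdict, "reasons": reasons}


# Constructed sample links (not real phishing infrastructure).
SAMPLE_LINKS = [
    "https://signin.aws.amazon.com/signin?redirect_uri=https%3A%2F%2Fconsole.aws.amazon.com",
    "https://us-east-1.console.aws.amazon.com/iam/home",
    "https://signin.aws.amazon.com.account-alert.example/login",  # real host as a subdomain
    "https://amazn.example/signin",                                # one-character typosquat
    "https://xn--amzon-hsa.example/console",                       # punycode label
    "https://docs.python.org/3/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        r = classify_link(link)
        print(f"{r['verdict']:<11} {r['host']}  {'; '.join(r['reasons'])}")
```

The check is a screening aid, not a defence: an AiTM proxy can sit on a domain that trips none of these rules, which is why the sign-in itself has to be origin-bound (see the defensive measures below).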

In the case of the malware campaign, the attackers have developed a specialized module that disables antivirus software. With the endpoint's own protection switched off, the implant can remain resident and active, and detection and remediation become far harder for affected organizations. One practical consequence: an antivirus or EDR agent that stops reporting or is disabled is itself a high-value alert, because that is the first thing a module of this kind does.

Defensive Measures

Organizations must take proactive steps to defend against these threats. Against the AiTM phishing kit, employee education still matters (treat unsolicited security alerts with suspicion, and check that the address bar shows a genuine amazon.com host before signing in), but it cannot be the primary control: an AiTM proxy relays the victim's MFA step, so any second factor that merely confirms a code or a push is captured along with the password. The reliable control is phishing-resistant MFA. FIDO2/WebAuthn security keys and passkeys, which AWS supports for IAM users and the root user, bind the credential to the genuine origin, so a proxy on another domain cannot complete the login. For workforce access, prefer federated sign-in through IAM Identity Center over long-lived IAM user passwords, and monitor CloudTrail ConsoleLogin events so that a login from an unexpected address is caught inside the window the attackers need to act.
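The CloudTrail monitoring mentioned above, worked through as an added example (not from the Help Net Security article and not an AWS-provided detection). It looks for two signals: a successful ConsoleLogin from an address outside the organization's known egress ranges, and a persistence API call by the same principal shortly afterwards from an untrusted address. The MFAUsed field is recorded but deliberately not used to suppress the alert, because a hijacked AiTM login legitimately shows MFAUsed=Yes. SAMPLE_LOG is constructed CloudTrail-shaped JSON (one record per line, only the fields used here filled in); the account ID is the AWS documentation placeholder, the addresses come from RFC 5737 documentation ranges, and TRUSTED_CIDRS is an assumed egress allowlist.

```python
"""Spot AWS console hijack follow-through in CloudTrail (added example)."""
import ipaddress
import json
from datetime import datetime, timedelta, timezone

# IAM calls an intruder makes to keep access after a stolen console session expires.
PERSISTENCE_APIS = {
    "CreateAccessKey", "CreateUser", "CreateLoginProfile", "UpdateLoginProfile",
    "AttachUserPolicy", "PutUserPolicy", "CreateRole", "DeactivateMFADevice",
}

# Assumption: the organization's egress ranges (constructed).
TRUSTED_CIDRS = ["203.0.113.0/24"]

# Constructed sample events, not real logs. 203.0.113.x is the office range;
# 198.51.100.x plays the attacker's proxy and operator infrastructure.
SAMPLE_LOG = "\n".join([
    '{"eventTime":"2024-03-11T13:40:12Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::123456789012:user/alice","userName":"alice"},"sourceIPAddress":"203.0.113.10","responseElements":{"ConsoleLogin":"Success"},"additionalEventData":{"MFAUsed":"Yes"}}',
    '{"eventTime":"2024-03-11T14:05:41Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::123456789012:user/alice","userName":"alice"},"sourceIPAddress":"198.51.100.77","responseElements":{"ConsoleLogin":"Success"},"additionalEventData":{"MFAUsed":"Yes"}}',
    '{"eventTime":"2024-03-11T14:12:03Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::123456789012:user/alice","userName":"alice"},"sourceIPAddress":"198.51.100.78","requestParameters":{"userName":"alice"}}',
    '{"eventTime":"2024-03-11T14:20:00Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::123456789012:user/bob","userName":"bob"},"sourceIPAddress":"198.51.100.77","responseElements":{"ConsoleLogin":"Failure"},"additionalEventData":{"MFAUsed":"No"}}',
    '{"eventTime":"2024-03-11T16:30:00Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::123456789012:user/alice","userName":"alice"},"sourceIPAddress":"203.0.113.10","requestParameters":{"userName":"alice"}}',
])


def parse_events(text: str) -> list:
    """One JSON record per line (CloudTrail's Records array, unwrapped).
    Sorted by eventTime; ISO-8601 UTC strings sort correctly as text."""
    return sorted((json.loads(ln) for ln in text.splitlines() if ln.strip()),
                  key=lambda e: e["eventTime"])


def _when(e: dict) -> datetime:
    return datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def is_trusted(ip: str, nets) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # e.g. "AWS Internal" or a service principal; do not trust by default
        return False
    return any(addr in n for n in nets)


def detect(events, trusted_cidrs, window=timedelta(minutes=30)) -> list:
    """Return alerts for untrusted console logins and persistence calls that follow them."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    alerts, suspicious_logins = [], []   # suspicious_logins: (principal arn, login time)
    for e in events:
        arn = e.get("userIdentity", {}).get("arn", "")
        ip = e.get("sourceIPAddress", "")
        t = _when(e)
        if e["eventName"] == "ConsoleLogin":
            if e.get("responseElements", {}).get("ConsoleLogin") != "Success":
                continue                     # failed attempts are noise for this rule
            if is_trusted(ip, nets):
                continue
            mfa = e.get("additionalEventData", {}).get("MFAUsed", "unknown")
            alerts.append({"eventName": "ConsoleLogin", "principal": arn, "ip": ip,
                           "time": e["eventTime"], "mfaUsed": mfa,
                           "reason": "successful console login from outside trusted ranges"})
            suspicious_logins.append((arn, t))
        elif e["eventName"] in PERSISTENCE_APIS and not is_trusted(ip, nets):
            # Match on principal, not address: the login comes from the proxy,
            # follow-on calls often come from the operator's own infrastructure.
            if any(a == arn and timedelta(0) <= t - lt <= window for a, lt in suspicious_logins):
                alerts.append({"eventName": e["eventName"], "principal": arn, "ip": ip,
                               "time": e["eventTime"],
                               "reason": f"{e['eventName']} within {window} of a suspicious console login"})
    return alerts


if __name__ == "__main__":
    for a in detect(parse_events(SAMPLE_LOG), TRUSTED_CIDRS):
        print(a["time"], a["eventName"], a["principal"], a["ip"], "-", a["reason"])
```

Run against the sample, the rule fires twice: on alice's 14:05 login from 198.51.100.77 (MFAUsed=Yes, which is exactly why MFA is not an exclusion), and on the CreateAccessKey seven minutes later. The office login at 13:40, bob's failed attempt, and the CreateAccessKey from the office range at 16:30 stay quiet. In production the trusted ranges would come from your egress inventory, and the window should be tuned to the dwell time you observe; the 20-minute figure in the report argues for a short one.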

For the malware campaign targeting HR departments, companies should deploy endpoint detection and response tooling and alert on agents that go silent or are disabled, since the campaign's own module is built to switch off antivirus. Regular system audits and prompt patching reduce the vulnerabilities available for exploitation. Multi-factor authentication adds a layer of protection against credentials stolen by malware; note, however, that for the AiTM threat described above only phishing-resistant MFA (FIDO2/WebAuthn) holds, because a proxying kit captures one-time codes and push approvals along with the password.


Pro insight: The rapid adoption of AiTM kits marks a shift from static credential harvesting to real-time session theft, which defeats OTP and push-based MFA. Defenses have to move to phishing-resistant authentication and session monitoring, with user training as a supplement rather than the main line.

