Cloud Credential Stealer Campaign Expands to Target Azure and GCP Services, According to SentinelLabs
July 19, 2023 (VSNewsNetwork.com) - SentinelLabs, in collaboration with Permiso Security's threat research team, has identified an evolving cloud credential stealing campaign that has expanded its target scope to include Azure and Google Cloud Platform (GCP) services. Previously focused on Amazon Web Services (AWS) credentials, the campaign has demonstrated increased sophistication, using various tools and techniques to compromise exposed Docker instances and propagating through a worm-like module.
The actor behind the campaign has shown meticulous attention to detail, adapting their tooling and improving data formatting for more autonomous activity. While AWS has traditionally been a prime target, the expansion to Azure and GCP credentials indicates the presence of other valuable data. To mitigate these attacks, organizations are advised to ensure proper application configuration, timely patching, and restricted access to Docker instances.
Source: SentinelLabs via News by Wire