Amazon has identified a new cryptocurrency mining operation on its AWS platform. The campaign exploits stolen IAM credentials and abuses services like ECS and EC2. Attackers use termination protection to maintain persistence.
Amazon Web Services (AWS) has disclosed details of a significant cryptocurrency mining campaign targeting its infrastructure. The operation relies on compromised Identity and Access Management (IAM) credentials to gain unauthorized access. Once inside, attackers deploy mining activities using Elastic Container Service (ECS) and Elastic Compute Cloud (EC2) instances.
To ensure longevity, the malicious actors enable termination protection on the compromised instances, preventing easy shutdowns. This persistence mechanism allows the mining to continue undetected for extended periods. AWS emphasizes that such abuses highlight the importance of securing IAM credentials to protect cloud environments.
The campaign represents a growing trend in cryptojacking, where unauthorized computing resources are hijacked for mining digital currencies. Organizations using AWS are advised to monitor for unusual activity in their IAM policies and instance configurations. No specific timeline or victim details were provided in the report, but the incident underscores ongoing cybersecurity challenges in cloud computing.
