A recent phishing campaign leveraged compromised AWS keys to weaponize Amazon Simple Email Service (SES), demonstrating novel techniques to bypass default restrictions and achieve industrial-scale email delivery, with attackers abusing the `PutAccountDetails` API to push SES accounts into production mode. The campaign utilized programmatic API calls and attempted privilege escalation, indicating sophisticated, automated tradecraft.
Latest mentioned: 09-08
Earliest mentioned: 09-04