AWS Threat: Crimson Collective Steals Data for Extortion
A new threat group named Crimson Collective is actively targeting AWS cloud environments for data theft and extortion. The group gains initial access by locating leaked long-term IAM access keys, then establishes persistence by creating new IAM users and granting them administrative privileges. It conducts extensive reconnaissance of the cloud environment before exfiltrating valuable data from services such as RDS and EBS by creating snapshots and exporting or sharing them out of the victim account. Once the data is stolen, the attackers send an extortion note to the victim, often through the compromised account's own email service (in AWS, Amazon SES). The methodology highlights two familiar weaknesses: long-lived access keys that leak and are never rotated, and identities permitted to create users, attach policies, and share or export snapshots without any alerting on those actions.
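As an added example (the editor's code, not from the page or from any reporting on the group), here is the detection logic a defender might run over CloudTrail records for the chain described above. It maps the stages onto an assumed set of API names, links each CreateUser issued by a long-term (AKIA-prefixed) key to the new user's later activity, and emits a finding once that user has been granted the managed AdministratorAccess policy and performs a snapshot or export call. The stage-to-API mapping, the requestParameters field shapes checked in shares_outside_account, and the sample records are all assumptions or constructed input.

```python
"""Detect the leaked-key -> new admin user -> recon -> snapshot-export chain.

Added example. The stage-to-API mapping, the record field shapes and the
sample records below are the editor's assumptions, not from the page.
"""
import json

# Assumed mapping of CloudTrail (eventSource, eventName) pairs to chain stages.
STAGES = {
    "persistence": {("iam.amazonaws.com", "CreateUser"),
                    ("iam.amazonaws.com", "AttachUserPolicy"),
                    ("iam.amazonaws.com", "CreateAccessKey"),
                    ("iam.amazonaws.com", "CreateLoginProfile")},
    "recon": {("iam.amazonaws.com", "ListUsers"),
              ("ec2.amazonaws.com", "DescribeInstances"),
              ("ec2.amazonaws.com", "DescribeVolumes"),
              ("rds.amazonaws.com", "DescribeDBInstances"),
              ("s3.amazonaws.com", "ListBuckets")},
    "exfil": {("ec2.amazonaws.com", "CreateSnapshot"),
              ("ec2.amazonaws.com", "ModifySnapshotAttribute"),    # share EBS snapshot
              ("rds.amazonaws.com", "CreateDBSnapshot"),
              ("rds.amazonaws.com", "ModifyDBSnapshotAttribute"),  # share RDS snapshot
              ("rds.amazonaws.com", "StartExportTask")},           # export RDS snapshot to S3
}
ADMIN_POLICY = "arn:aws:iam::aws:policy/AdministratorAccess"


def stage_of(record):
    """Return the chain stage for a record, or None if it is not of interest."""
    pair = (record.get("eventSource"), record.get("eventName"))
    return next((s for s, pairs in STAGES.items() if pair in pairs), None)


def is_long_term_key(record):
    """AKIA-prefixed key ids are long-term IAM user keys; ASIA ids are temporary STS keys."""
    return record.get("userIdentity", {}).get("accessKeyId", "").startswith("AKIA")


def shares_outside_account(record):
    """True when a snapshot is shared with another account or made public (assumed field shapes)."""
    own = record.get("recipientAccountId")
    params = record.get("requestParameters") or {}
    # ec2:ModifySnapshotAttribute -> createVolumePermission.add.items[].userId or .group == "all"
    items = (((params.get("createVolumePermission") or {}).get("add") or {}).get("items") or [])
    if any(i.get("group") == "all" or i.get("userId") not in (None, own) for i in items):
        return True
    # rds:ModifyDBSnapshotAttribute -> attributeName "restore", valuesToAdd [account id or "all"]
    return params.get("attributeName") == "restore" and any(
        v != own for v in params.get("valuesToAdd", []))


def build_findings(records):
    """Link each CreateUser made with a long-term key to the new user's later activity.

    A finding is emitted only when the created user receives AdministratorAccess
    and then performs at least one exfil-stage call.
    """
    events = sorted(records, key=lambda r: r["eventTime"])
    created = {}  # new userName -> CreateUser record issued by a long-term key
    for r in events:
        if r["eventName"] == "CreateUser" and stage_of(r) == "persistence" and is_long_term_key(r):
            name = (r.get("requestParameters") or {}).get("userName")
            if name:
                created[name] = r
    findings = []
    for name, origin in created.items():
        timeline = [("persistence", origin["eventTime"], "CreateUser")]
        admin = False
        for r in events:
            params = r.get("requestParameters") or {}
            stage = stage_of(r)
            # Persistence calls that target the new user (policy attach, new key, console password).
            if stage == "persistence" and params.get("userName") == name and r["eventName"] != "CreateUser":
                policy = params.get("policyArn", "")
                admin = admin or policy == ADMIN_POLICY
                suffix = ":" + policy.rsplit("/", 1)[-1] if policy else ""
                timeline.append(("persistence", r["eventTime"], r["eventName"] + suffix))
            # Recon and exfil calls made by the new user itself.
            elif r.get("userIdentity", {}).get("userName") == name and stage in ("recon", "exfil"):
                note = " (shared outside account)" if shares_outside_account(r) else ""
                timeline.append((stage, r["eventTime"], r["eventName"] + note))
        stages = sorted({t[0] for t in timeline})
        if admin and "exfil" in stages:
            findings.append({"origin_key": origin["userIdentity"].get("accessKeyId"),
                             "created_user": name, "stages": stages, "timeline": timeline})
    return findings


def _rec(t, source, name, ident, params=None, account="111111111111"):
    """Build a constructed, minimal CloudTrail-shaped record (sample input only)."""
    return {"eventTime": t, "eventSource": source, "eventName": name, "recipientAccountId": account,
            "userIdentity": ident, "requestParameters": params or {}}


LEAKED = {"type": "IAMUser", "userName": "ci-deploy", "accessKeyId": "AKIAEXAMPLELEAKED01"}
NEWADMIN = {"type": "IAMUser", "userName": "svc-backup", "accessKeyId": "AKIAEXAMPLENEWKEY02"}
SAMPLE_RECORDS = [  # constructed; account and key ids are placeholders
    _rec("2025-10-01T02:10:00Z", "iam.amazonaws.com", "CreateUser", LEAKED, {"userName": "svc-backup"}),
    _rec("2025-10-01T02:10:05Z", "iam.amazonaws.com", "AttachUserPolicy", LEAKED,
         {"userName": "svc-backup", "policyArn": ADMIN_POLICY}),
    _rec("2025-10-01T02:10:09Z", "iam.amazonaws.com", "CreateAccessKey", LEAKED, {"userName": "svc-backup"}),
    _rec("2025-10-01T02:31:00Z", "rds.amazonaws.com", "DescribeDBInstances", NEWADMIN),
    _rec("2025-10-01T02:40:00Z", "ec2.amazonaws.com", "CreateSnapshot", NEWADMIN, {"volumeId": "vol-0a1b2c3d"}),
    _rec("2025-10-01T02:55:00Z", "ec2.amazonaws.com", "ModifySnapshotAttribute", NEWADMIN,
         {"snapshotId": "snap-0a1b2c3d",
          "createVolumePermission": {"add": {"items": [{"userId": "999999999999"}]}}}),
    _rec("2025-10-01T03:05:00Z", "rds.amazonaws.com", "StartExportTask", NEWADMIN,
         {"exportTaskIdentifier": "export-1", "s3BucketName": "staging-bucket"}),
    # Benign: an admin on temporary (ASIA) STS credentials creates a user; not tied to a leaked key.
    _rec("2025-10-01T09:00:00Z", "iam.amazonaws.com", "CreateUser",
         {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLETEMP0003"}, {"userName": "new-dev"}),
]

if __name__ == "__main__":
    print(json.dumps(build_findings(SAMPLE_RECORDS), indent=2))
```

Running the file prints one finding for svc-backup with the ordered timeline; the benign CreateUser on STS credentials produces nothing. The extortion step is deliberately absent: SES sending calls such as SendEmail are data-plane actions that a normal management-event trail does not record, so that stage has to come from SES event publishing rather than CloudTrail.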
Latest mentioned: 10-08
Earliest mentioned: 10-08