top of page
perceptive_background_267k.jpg

Amazon: Ongoing cryptomining campaign uses hacked AWS accounts

Published:

17 december 2025 om 21:48:33

Alert date:

17 december 2025 om 22:01:17

Source:

bleepingcomputer.com

Click to open the original link from this advisory

Amazon's AWS GuardDuty security team has identified an ongoing cryptomining campaign targeting AWS infrastructure. The attack specifically focuses on Elastic Compute Cloud (EC2) and Elastic Container Service (ECS) instances. Attackers are using compromised credentials for Identity and Access Management (IAM) to gain unauthorized access. The campaign represents an active threat to AWS customers with potential for significant resource abuse and financial impact. Organizations using AWS services should review their IAM security posture and monitor for unusual compute activity.

Technical details

Mitigation steps:

Affected products:

AWS EC2
AWS ECS
AWS IAM

Related links:

https://www.bleepingcomputer.com/news/security/amazon-ongoing-cryptomining-campaign-uses-hacked-aws-accounts/

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page