www.scworld.com
2606:4700:20::ac43:473c  Public Scan

Submitted URL: https://go.cyberriskalliance.com/MTg4LVVOWi02NjAAAAGWcYuVV2LzMedCz7GemzDkQ2LZhm1-1D8iflnzdqZ_R6WNJ_YX2RI08RE04HNXC99LhpP9uZg=
Effective URL: https://www.scworld.com/news/aws-breaks-up-massive-russian-phishing-operation?nbd=%7B%7Blead.HumId%7D%7D&nbd_source=mrkt...
Submission Tags: falconsandbox
Submission: On November 01 via api from US — Scanned from DE


Text Content


Cloud Security, Phishing


AWS BREAKS UP MASSIVE RUSSIAN PHISHING OPERATION

October 25, 2024

By Shaun Nichols


Online retail giant and cloud-service provider Amazon broke up a phishing
operation that impersonated thousands of Amazon Web Services (AWS) domains.

The AWS security team, along with Ukraine's CERT-UA, blamed the
Russian-backed APT 29 group for the attack, which used spoofed AWS domains in an
attempt to harvest login credentials from Ukrainian-speaking targets.

Since uncovering the phishing scam, Amazon has issued a mass takedown of the
domains that were used in the attack.

According to Amazon, AWS itself was not the target of the attack and none of its
services or accounts were actually compromised. Rather, URLs for AWS sites were
served up as the lure to get victims to click on the link that would eventually
lead to a malware download site.

Ultimately, the victims ended up with Windows malware that sought out account
credentials.

“Some of the domain names they used tried to trick the targets into believing
the domains were AWS domains (they were not), but Amazon wasn’t the target, nor
was the group after AWS customer credentials,” said Amazon CISO CJ Moses.

“Rather, APT29 sought its targets’ Windows credentials through Microsoft Remote
Desktop.”

Given the nature of the targets, AWS said it was not hard to figure out the
motive of the Russia-backed threat group, though the tactics were slightly out
of character for the normally laser-focused APT 29.

“In this instance, their targets were associated with government agencies,
enterprises, and militaries, and the phishing campaign was apparently aimed at
stealing credentials from Russian adversaries,” explained Moses.

“APT29 sent the Ukrainian language phishing emails to significantly more targets
than their typical, narrowly targeted approach.”

With the U.S. presidential race in its final stretch, experts believe it is
likely we will see a surge in attacks ahead of the Nov. 5 elections. Russian
government-backed hacking groups have a long history of targeting U.S. elections
in hopes of destabilizing the country and tipping the scales in favor of their
preferred candidates. Officials in the U.S. recently warned that Russian-backed
groups are already stepping up their disinformation efforts ahead of the
election.

Shaun Nichols

A career IT news journalist, Shaun has spent 17 years covering the industry with
a specialty in the cybersecurity field.
