Security News > 2023 > July > Scarleteel Threat Targets AWS Fargate, Launches DDoS and Cryptojacking Campaigns

Scarleteel Threat Targets AWS Fargate, Launches DDoS and Cryptojacking Campaigns
2023-07-14 22:03

The Scarleteel threat targets AWS Fargate environments for data theft and more malicious types of attacks such as cryptojacking and DDoS. Learn how to mitigate this threat.

Sysdig, a cloud and container security company, has released a new report on the Scarleteel threat that targets specific AWS environments for data theft and additional malicious activities.

Scarleteel is a sophisticated attack on AWS cloud environments that was discovered in February 2023 by Sysdig.

The attacker focuses on credential stealing, using several scripts to try to get AWS Fargate credentials in the instance metadata service in the filesystem and in the Docker containers created in the targeted machine.

Figure B. Once the attacker is in possession of the credentials, they install the AWS Command-Line Interface with Pacu, an open-source AWS exploitation framework designed for offensive security testing.

The threat actor also executed Pandora, a Mirai-like malware that runs DDoS attacks using Linux systems and IoT systems to specific targets.


News URL

https://www.techrepublic.com/article/scarletee-targets-aws-fargate-ddos-cryptojacking/