AWS IAM Credential Theft Fuels Ongoing Crypto Mining Campaign

AWS IAM Credential Theft Fuels Ongoing Crypto Mining Campaign

First seen 17 Dec 2025, 22:54 UTC Aws.AmazonScworldBleepingcomputerTheregister 82% similarity 27.0

Article Content

Browse articles
ThreatCluster

A sophisticated cryptocurrency mining campaign targeting AWS customers began on November 2, 2025, using compromised AWS Identity and Access Management (IAM) credentials. The attackers exploited Amazon Elastic Container Service (ECS) and Elastic Compute Cloud (EC2) and employed advanced persistence techniques to extend their operations and evade detection. Amazon's GuardDuty detected the attack and raised a critical severity alert.

ThreatCluster AI

Community

Browse all →