Scworld
AWS IAM Credential Theft Fuels Ongoing Crypto Mining Campaign
First seen 17 Dec 2025, 22:54 UTC
•


•82% similarity
•27.0
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
A sophisticated cryptocurrency mining campaign targeting AWS customers began on November 2, 2025, using compromised AWS Identity and Access Management (IAM) credentials. The attackers exploited Amazon Elastic Container Service (ECS) and Elastic Compute Cloud (EC2) and employed advanced persistence techniques to extend their operations and evade detection. Amazon's GuardDuty detected the attack and raised a critical severity alert.
ThreatCluster AI