Amazon CloudTrail — Cyber Threats, Attacks & Incidents

Threat entity extracted from intelligence sources

Frequency
3
occurrences
First Seen
December 16, 2025
Last Seen
June 29, 2026

Amazon CloudTrail is a technology platform tracked across 3 threat clusters and 3 intelligence report mentions on ThreatCluster. First observed December 16, 2025; most recent activity June 29, 2026.

Related Threat Clusters

  • Threat Actors Exploit EKS for Compute Hijacking and Workload Modification

    In June 2026, threat actors targeted Amazon EKS clusters by exploiting Kubernetes credentials or IAM roles to modify workloads and hijack compute resources. Attackers gained initial access through application-layer…

    3 articles · Updated June 29, 2026
  • Incident Response Playbook for Satellite Operations on AWS

    The articles detail a two-part incident response playbook tailored for satellite operations using AWS. Part one focuses on detection and forensic readiness, emphasizing the unique challenges of satellite IR, such as…

    2 articles · Updated June 19, 2026
  • AWS IAM Credential Theft Fuels Ongoing Crypto Mining Campaign

    A sophisticated cryptocurrency mining campaign targeting AWS customers began on November 2, 2025, using compromised AWS Identity and Access Management (IAM) credentials. The attackers exploited Amazon Elastic Container…

    5 articles · Updated December 17, 2025

Recent Intelligence Reports

  • What the June 2026 Threat Technique Catalog update means for your AWS environment — Aws.Amazon · June 29, 2026
  • An incident response playbook for satellite operations on AWS (Part-2): Automated response ... — Aws.Amazon · June 19, 2026
  • Cryptomining campaign targeting Amazon EC2 and Amazon ECS — Aws.Amazon · December 16, 2025

CVSS v3.1 Breakdown