"New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services"

A novel cloud-native cryptojacking operation has targeted Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to mine cryptocurrency. Sysdig has given the malicious cyber activity the codename AMBERSQUID. According to Alessandro Brucato, a security researcher at Sysdig, the AMBERSQUID operation exploited cloud services without triggering the AWS requirement for approval of additional resources, as would have been the case if the attackers had only spammed EC2 instances. Targeting multiple services presents extra challenges, such as for incident response, because it requires finding and eliminating all miners in each exploited service. Sysdig reported discovering the campaign after analyzing 1.7 million Docker Hub images, and attributed it with moderate confidence to Indonesian attackers based on the use of the Indonesian language in scripts and usernames. This article continues to discuss the new AMBERSQUID cryptojacking operation.

THN reports "New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services"

Submitted by grigby1 CPVI on