"Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts"

Threat actors can use Amazon Web Services Security Token Service (AWS STS) to infiltrate cloud accounts and launch follow-on attacks. According to Red Canary researchers, the service allows threat actors to impersonate user identities and roles in cloud environments. AWS STS is a web service that lets users request temporary, limited-privilege credentials to access AWS resources without creating an AWS identity. These STS tokens have a validity period of 15 minutes to 36 hours. Threat actors can steal long-term Identity and Access Management (IAM) tokens using various methods, including malware infections, publicly exposed credentials, and phishing emails. They can then use them to determine roles and privileges associated with those tokens through Application Programming Interface (API) calls. This article continues to discuss the possible use of AWS STS by threat actors to infiltrate cloud accounts and carry out follow-on attacks.

THN reports "Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts"

Submitted by grigby1