"SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign"
Threat actors are now targeting Amazon Web Services (AWS) Fargate as part of an ongoing attack campaign called SCARLETEEL. Alessandro Brucato, a security researcher at Sysdig, noted that cloud environments are still their primary target. However, tools and techniques have been adjusted to circumvent new security measures. There is also a more resilient and stealthy command-and-control (C2) architecture. The cybersecurity company first exposed SCARLETEEL in February 2023, detailing a sophisticated attack chain that resulted in the theft of proprietary data from AWS infrastructure and the launch of cryptocurrency miners. Cado Security's follow-up analysis uncovered possible ties to a prolific cryptojacking group known as TeamTNT, although Sysdig stated that it could be an imitator of TeamTNT's methods and attack patterns. The latest activity continues targeting AWS accounts by exploiting vulnerable public-facing web applications to gain persistence, steal intellectual property, and potentially generate $4,000 per day through cryptocurrency mining. This article continues to discuss the ongoing SCARLETEEL attack campaign exploiting AWS Fargate.
THN reports "SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign"