- Crimson Collective hackers are targeting AWS using exposed credentials to escalate privileges and exfiltrate data
- Attackers use TruffleHog to find secrets, then create IAM users and access keys via API
- The Red Hat breach yielded 570 GB of sensitive files, including 800 infrastructure-rich consultancy documents
Crimson Collective, the threat actor behind the recent breach of Red Hat, is now going after Amazon Web Services (AWS) cloud environments, seeking to establish persistence, steal data and extort the victims for money.
Cybersecurity researchers at Rapid7 found that the attackers are using TruffleHog, an open-source security tool designed to search for secrets, credentials and API keys that may have been accidentally exposed in code repositories or other sources. After finding exposed AWS credentials, the attackers create new IAM users and login profiles via API calls, create new access keys, and escalate privileges by attaching new policies.
Finally, they use that access to map the victim's network and plan data exfiltration and extortion.
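As an added illustration of how a defender might spot the IAM call sequence described above in CloudTrail (example code written for this page, not from Rapid7 or AWS; the event records, access key IDs and user names below are constructed placeholders, and the 30-minute window and three-call threshold are assumed tuning values):

```python
from collections import defaultdict
from datetime import datetime, timedelta

# IAM write calls that together indicate a new identity being created,
# given console/API access and granted extra permissions.
SUSPECT_IAM_CALLS = {"CreateUser", "CreateLoginProfile", "CreateAccessKey",
                     "AttachUserPolicy", "PutUserPolicy"}


def _ev(time, name, key, user=None):
    """Build a minimal CloudTrail-shaped record (constructed sample, not a real log)."""
    return {"eventTime": time, "eventSource": "iam.amazonaws.com", "eventName": name,
            "userIdentity": {"accessKeyId": key},
            "requestParameters": {"userName": user} if user else None}


# Constructed sample: one stolen key runs the full chain in five minutes,
# while an admin key performs a single routine CreateUser earlier that day.
SAMPLE_EVENTS = [
    _ev("2025-10-09T09:00:00Z", "CreateUser", "AKIA_PLACEHOLDER_ADMIN", "new-hire"),
    _ev("2025-10-09T10:00:00Z", "CreateUser", "AKIA_PLACEHOLDER_LEAKED", "svc-backup"),
    _ev("2025-10-09T10:02:00Z", "CreateLoginProfile", "AKIA_PLACEHOLDER_LEAKED", "svc-backup"),
    _ev("2025-10-09T10:03:00Z", "CreateAccessKey", "AKIA_PLACEHOLDER_LEAKED", "svc-backup"),
    _ev("2025-10-09T10:05:00Z", "AttachUserPolicy", "AKIA_PLACEHOLDER_LEAKED", "svc-backup"),
    _ev("2025-10-09T10:06:00Z", "ListUsers", "AKIA_PLACEHOLDER_LEAKED"),
]


def _ts(record):
    return datetime.strptime(record["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def find_iam_persistence(events, window_minutes=30, min_distinct=3):
    """Group suspect IAM calls by the calling access key and flag any key that issues
    at least `min_distinct` different call types inside a `window_minutes` window.
    Returns {accessKeyId: {"calls": [...], "users": [...]}} for each flagged key."""
    by_key = defaultdict(list)
    for ev in events:
        if ev.get("eventSource") == "iam.amazonaws.com" and ev["eventName"] in SUSPECT_IAM_CALLS:
            by_key[ev["userIdentity"].get("accessKeyId", "unknown")].append(ev)
    hits = {}
    for key, evs in by_key.items():
        evs.sort(key=_ts)
        for i, first in enumerate(evs):  # slide the window from each call
            deadline = _ts(first) + timedelta(minutes=window_minutes)
            burst = [e for e in evs[i:] if _ts(e) <= deadline]
            names = {e["eventName"] for e in burst}
            if len(names) >= min_distinct:
                users = {(e["requestParameters"] or {}).get("userName") for e in burst}
                hits[key] = {"calls": sorted(names), "users": sorted(u for u in users if u)}
                break
    return hits
```

Running `find_iam_persistence(SAMPLE_EVENTS)` flags only the leaked key, together with the user it created, while the admin's lone CreateUser stays below the threshold.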
Crimson Collective
Speaking to BleepingComputer, AWS said its customers should use short-term, least-privilege credentials and implement restrictive IAM policies to counter the threat.
"In the event that a customer suspects that their credentials may have been compromised, they may start by following the steps listed in this post," AWS explained. "If customers have questions about the security of their accounts, they are advised to contact AWS Support."
Crimson Collective recently turned heads when it broke into Red Hat's private GitLab environment repositories and exfiltrated about 570 GB of files from 28,000 internal projects.
Among the files were 800 Customer Review Registers (CER), internal consultancy documents created by Red Hat to support its clients, which typically include detailed infrastructure information (network architecture, system configuration, etc.), authentication and access data (credentials, access tokens and more) and operational insights (recommendations, known problems and similar).
This makes them extremely valuable, as they can easily be used in follow-up attacks.
Via BleepingComputer