Threat Intelligence, Cloud Security

APTs, botnets combated by new AWS system

Amazon Web Services says its new internal threat intelligence decoy system, MadPot, has been used to thwart the nation-state-sponsored advanced persistent threats Sandworm and Volt Typhoon, as well as various distributed denial-of-service botnets, reports SecurityWeek. MadPot tracks over 100 million possible threats using sensors and automated response functionality, with nearly half a million of them categorized as malicious, according to AWS. MadPot discovered Russian APT operation Sandworm after it attempted to exploit a WatchGuard network security appliance vulnerability, and further examination of the payload yielded unique threat actor attributes and IP addresses. Meanwhile, MadPot was able to avert Chinese APT Volt Typhoon following an attack against the U.S. territory of Guam. "Through our investigation inside MadPot, we identified a payload submitted by the threat actor that contained a unique signature, which allowed identification and attribution of activities by Volt Typhoon that would otherwise appear to be unrelated," said AWS, which added that data and findings from the MadPot system have been leveraged to strengthen its security offerings.
