Publicly exposed GitHub repositories have been cloned by threat actors looking to exfiltrate Amazon Web Services credentials as part of the EleKtra-Leak cryptojacking operation that commenced in 2020, reports The Register.
Stolen AWS credentials are then leveraged to deploy Monero-mining Amazon Elastic Compute Cloud instances, with attacker-controlled EC2 implementations found to be operating 474 miners from Aug. 30 to Oct. 6, according to a report from Palo Alto Networks' Unit 42.
"We believe the threat actor might be able to find exposed AWS keys that aren't automatically detected by AWS and subsequently control these keys outside of the AWSCompromisedKeyQuarantine policy. According to our evidence, they likely did. In that case, the threat actor could proceed with the attack with no policy interfering with their malicious actions to steal resources from the victims," said researchers, who noted that other approaches have been used by attackers to obtain AWS logins while bypassing AWS policy.
Such findings should prompt independent adoption of CI/CD security measures, researchers added.
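As an added example (not code from The Register, Unit 42 or AWS), one independent CI check of the kind the researchers call for: a Python scan of pushed files for AWS access key IDs, raised in severity when a 40-character secret sits within a few lines. The regexes are common community heuristics, the function names are hypothetical, and the sample credential is the placeholder pair used in AWS documentation.

```python
import re

# Heuristic patterns (assumption: widely used community regexes, not an AWS-published grammar).
KEY_ID = re.compile(r"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
SECRET = re.compile(r"(?<![A-Za-z0-9/+])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
WINDOW = 3  # a secret within this many lines of a key ID counts as a usable pair


def redact(value):
    """Keep only enough of the value to locate it; never log the full credential."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan_text(path, text):
    """Return findings for one file: key IDs, flagged HIGH when a secret sits nearby."""
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        for m in KEY_ID.finditer(line):
            nearby = lines[max(0, i - WINDOW): i + WINDOW + 1]
            paired = any(SECRET.search(l) for l in nearby)
            findings.append({
                "path": path, "line": i + 1,
                "key_id": redact(m.group(0)),
                "temporary": m.group(1) == "ASIA",  # ASIA prefixes mark STS session keys
                "severity": "HIGH" if paired else "MEDIUM",
            })
    return findings


def scan_repo(files):
    """files: mapping of path -> text, e.g. the blobs changed in a push."""
    out = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


# Constructed sample input; the credential values are the AWS documentation placeholders.
SAMPLE = {
    "deploy/.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
                   "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n",
    "docs/notes.md": "Rotate AKIAIOSFODNN7EXAMPLE before Friday.\n",
    "src/app.py": "checksum = 'da39a3ee5e6b4b0d3255bfef95601890afd80709'\n",
}

if __name__ == "__main__":
    for finding in scan_repo(SAMPLE):
        print(finding)
```

A 40-character string alone (the SHA-1 digest in `src/app.py`) is not reported, since that pattern by itself produces too many false positives; a non-empty result would fail the CI job.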
Numerous Web3 smart contracts, including DropERC20, AirDrop20, ERC721, and ERC1155, were discovered by Thirdweb to be exposed to a vulnerability in a widely used open-source nonfungible token library, reports SiliconAngle.