Threat actors could exploit an AWS cross-tenant vulnerability in Amazon Web Services AppSync to gain access to resources in other organizations' accounts, SecurityWeek reports.
Researchers from Datadog Security Labs identified the flaw after discovering that the AWS API accepted JSON payloads with mixed-case property names during validation, which allowed the ARN check to be bypassed by supplying the ARN under a differently cased property name.
"By bypassing the ARN validation, we were able to create AppSync data sources tied to roles in other AWS accounts. This would allow an attacker to interact with any resource associated with a role which trusts the AWS AppSync service in any account," said Datadog.
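To make the flaw class concrete, here is an added, self-contained example (not Datadog's or AWS's code) that models the casing mismatch described above: a validator that looks only for the exact-case `serviceRoleArn` property, while the downstream consumer matches property names case-insensitively. The hardened version canonicalises property names before validating, rejects properties that collide after canonicalisation, and pins the role ARN's account ID to the calling tenant. The account IDs, property name and payloads are constructed sample values.

```python
import json
import re

# Constructed sample: the account ID of the tenant making the request.
TENANT_ACCOUNT = "111111111111"

# Minimal IAM role ARN pattern; group 1 captures the 12-digit account ID.
ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):role/[\w+=,.@/-]+$")

# Constructed sample payloads (the property name is hypothetical).
GOOD_PAYLOAD = '{"serviceRoleArn": "arn:aws:iam::111111111111:role/AppSyncRole"}'
CROSS_ACCOUNT_EXACT_CASE = '{"serviceRoleArn": "arn:aws:iam::222222222222:role/AppSyncRole"}'
CROSS_ACCOUNT_MIXED_CASE = '{"ServiceRoleArn": "arn:aws:iam::222222222222:role/AppSyncRole"}'


def consume_lenient(raw):
    """Models a consumer that matches property names case-insensitively.

    Keys are lower-cased, so 'ServiceRoleArn' and 'serviceRoleArn' land on the
    same slot; the consumer cannot tell which spelling the validator saw.
    """
    data = json.loads(raw)
    return {k.lower(): v for k, v in data.items()}


def validate_vulnerable(raw):
    """Exact-case validator followed by a case-insensitive consumer.

    Only the exact-case 'serviceRoleArn' property is checked, so a differently
    cased property skips the account check entirely and still reaches the
    consumer. Returns the ARN the consumer would act on, or None if rejected.
    """
    data = json.loads(raw)
    arn = data.get("serviceRoleArn")
    if arn is not None:
        m = ARN_RE.match(arn)
        if not m or m.group(1) != TENANT_ACCOUNT:
            return None  # rejected: malformed or foreign account
    return consume_lenient(raw).get("servicerolearn")


def validate_hardened(raw):
    """Canonicalise before validating; validate exactly what will be consumed.

    Raises ValueError on duplicate properties (after lower-casing), a missing
    or malformed ARN, or an ARN whose account differs from the tenant's.
    """
    pairs = json.loads(raw, object_pairs_hook=lambda p: p)  # keep every pair
    canon = {}
    for key, value in pairs:
        ckey = key.lower()
        if ckey in canon:
            raise ValueError(f"duplicate property after canonicalisation: {key}")
        canon[ckey] = value
    arn = canon.get("servicerolearn")
    if arn is None:
        raise ValueError("serviceRoleArn is required")
    m = ARN_RE.match(arn)
    if not m:
        raise ValueError("malformed role ARN")
    if m.group(1) != TENANT_ACCOUNT:
        raise ValueError("role ARN belongs to a different account")
    return arn


def hardened_accepts(raw):
    """True if the hardened validator accepts the payload, False if it rejects."""
    try:
        validate_hardened(raw)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for name, payload in [("good", GOOD_PAYLOAD),
                          ("cross-account exact case", CROSS_ACCOUNT_EXACT_CASE),
                          ("cross-account mixed case", CROSS_ACCOUNT_MIXED_CASE)]:
        print(f"{name:26} vulnerable -> {validate_vulnerable(payload)}")
        print(f"{name:26} hardened   -> accepted={hardened_accepts(payload)}")
```

The defensive point is in `validate_hardened`: the object the validator inspects must be the same canonical object the consumer acts on, and the account ID inside the ARN is checked against the tenant rather than trusting the ARN's shape alone.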
AWS has already issued a patch addressing the flaw in September, noting that none of its customers have been compromised.
"Analysis of logs going back to the launch of the service has been conducted and we have conclusively determined that the only activity associated with this issue was between accounts owned by the researcher. No other customer accounts were impacted," AWS added.
Hijacked Ubiquiti EdgeRouters were reported by the FBI, National Security Agency, U.S. Cyber Command, and other law enforcement agencies around the world to have been exploited by Russian state-sponsored threat operation APT28.