InfoSecBulletin Cybersecurity for mankind
DataDog Security Labs found a worrying campaign targeting Amazon Web Services (AWS), showing a new wave of harmful activity aimed at compromising important cloud resources. The attackers are using various methods, focusing on finding and possibly stealing data from AWS Secrets Manager, S3 buckets, and S3 Glacier vaults.
Between May 23rd and 27th, 2024, a campaign showed how cyber threats to cloud infrastructure continue to evolve. The attackers likely to use leaked access keys, residential proxies, and the Cloudflare WARP VPN to hide their actions, showing their sophistication and determination.
Researcher found non protected database form ESHYFT containig 86000 records
CVE-2024-55591 and CVE-2025-24472
New SuperBlack ransomware exploits Fortinet flaws
CVE-2025-25291 & CVE-2025-25292
Attention! GitLab Patched Critical Authentication Bypass Flaws
CVE-2025-20138
Cisco released High Security Alert for IOS XR Software
400+ IPs Exploiting Multiple SSRF Vulnerabilities
NVIDIA has released update for NVIDIA Riva
CVE-2025-24201
Apple fixes 0-day exploited in “extremely sophisticated attack”
Microsoft’s March 2025 updates fix 7 zero-day, 57 flaws
Ballista Botnet infects 6000 Unpatched TP-Link Routers
CVE-2025-24813
Flaw in Apache Tomcat Exposes Servers to RCE
DataDog’s research did not find any successful attempts to steal data. However, the fact that many AWS resources were being identified suggests that there might be a deliberate and potentially large-scale operation happening.
While DataDog’s research did not observe successful data exfiltration attempts, the widespread enumeration of AWS resources suggests a calculated and potentially large-scale operation. The attackers may be assessing the value of available data before initiating exfiltration or testing the level of access they possess for potential resale in underground markets.
Attackers are now targeting S3 Glacier vaults, a shift from the traditional focus on S3 buckets. This shows that attackers are broadening their tactics to explore new ways to exploit potential vulnerabilities.
DataDog’s report provides important information about the tactics, techniques, and procedures used in this campaign. It gives organizations valuable insights to improve their AWS security. By monitoring the indicators of compromise and implementing proactive security measures, organizations can reduce the risk of being attacked.
