Attackers are using an Adversary-in-the-Middle (AiTM) phishing kit combined with typosquatted domains to target AWS account holders, redirecting them to a high-fidelity clone of the AWS Management Console sign-in page to steal credentials and session cookies. Researchers observed that compromised accounts are accessed rapidly, sometimes within 20 minutes of credential submission. To mitigate this threat, organizations should enforce phishing-resistant multi-factor authentication (MFA) and educate users to scrutinize email sender addresses and login URLs carefully.
Phishers are targeting AWS account holders with fake email security alerts and redirecting them to a high-fidelity clone of the AWS Management Console sign-in page, Datadog researchers have warned.

The cloned AWS phishing page (Source: Datadog Security Labs)

The campaign has been running since the end of February and possibly earlier. “In one observed case, the operator authenticated to a compromised AWS account within 20 minutes of credential submission,” the researchers noted.

Fake AWS security …

The post Attackers use AiTM phishing kit, typosquatted domains to hijack AWS accounts appeared first on Help Net Security.