The Cyber Security News

Modular “AlienFox” Toolkit Used to Steal Cloud Service Credentials

March 31, 2023

A new malware toolset has been discovered and analyzed by security researchers at SentinelOne. Dubbed “AlienFox” by the team, the toolkit can harvest credentials for multiple cloud service providers.

An advisory published on Thursday by SentinelOne threat researcher Alex Delamotte reveals that attackers used AlienFox to efficiently harvest API keys and secrets from multiple services, including Amazon Web Services (AWS) Simple Email Service (SES) and Microsoft Office 365.

“AlienFox is a modular toolset primarily distributed on Telegram in the form of source code archives. Some modules are available on GitHub for any would-be attacker to adopt,” Delamotte said.

Many of these modules are open source, so threat actors could adapt and modify them to suit their needs.

“The evolution of recurring features suggests the developers are becoming increasingly sophisticated, with performance considerations at the forefront in more recent versions,” Delamotte wrote.

Threat actors using AlienFox employed the toolkit to compile lists of misconfigured hosts from several security scanning platforms such as LeakIX and SecurityTrails.

“They use multiple scripts in the toolset to extract sensitive information such as API keys and secrets from configuration files exposed on victims’ web servers,” reads the SentinelOne advisory.
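The exposure described above can be checked from the defender's side. The following is an added example, not code from the SentinelOne advisory or from the toolkit: it walks a web document root you own and reports configuration-style files that contain credential-like values, without echoing the values. The file names, suffixes and the generic `secret_assignment` pattern are assumptions to adapt; the sample keys are AWS's published documentation examples.

```python
import re
import tempfile
from pathlib import Path

# Assumed patterns: AKIA/ASIA are the documented AWS access key ID prefixes;
# the second pattern is a generic heuristic for "name = value" secrets.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "secret_assignment": re.compile(
        r"(?i)^\s*[\w.]*(?:secret|password|api_?key|token)[\w.]*\s*[=:]\s*"
        r"['\"]?[^\s'\"#]{8,}"),
}
# Assumed names/suffixes of files that should never sit under a served directory.
CONFIG_NAMES = {".env", "config.php", "wp-config.php", "settings.py"}
CONFIG_SUFFIXES = {".env", ".ini", ".yml", ".yaml", ".json", ".conf", ".bak"}

def is_config_candidate(path):
    return path.name in CONFIG_NAMES or path.suffix.lower() in CONFIG_SUFFIXES

def scan_webroot(webroot, max_bytes=1_000_000):
    """Return (relative_path, line_number, pattern_name); values are never stored."""
    webroot = Path(webroot)
    findings = []
    for path in sorted(webroot.rglob("*")):
        if not path.is_file() or not is_config_candidate(path):
            continue
        if path.stat().st_size > max_bytes:  # skip large data files
            continue
        lines = path.read_text(errors="replace").splitlines()
        for lineno, line in enumerate(lines, 1):
            for name, rx in PATTERNS.items():
                if rx.search(line):
                    findings.append((path.relative_to(webroot).as_posix(), lineno, name))
    return findings

def build_sample(root):
    """Constructed sample web root for the demonstration."""
    root = Path(root)
    (root / "app").mkdir()
    (root / "app" / ".env").write_text(
        "APP_NAME=shop\n"
        "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n")
    (root / "index.html").write_text("<h1>ok</h1>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in scan_webroot(tmp):
            print(finding)
```

Any hit means the file should be moved out of the served directory and the credential rotated, since removing the file does not invalidate a key that may already have been read.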

Further, some of the most recent variants observed by the team featured new scripts that automated malicious actions using the stolen credentials.

According to Delamotte, the spread of AlienFox represents a novel trend towards attacking more minimal cloud services (unsuitable for cryptomining) to then enable and expand subsequent campaigns.

“Opportunistic cloud attacks are no longer confined to cryptomining: AlienFox tools facilitate attacks on minimal services that lack the resources needed for mining,” Delamotte added. “For victims, [service credentials] compromise can lead to additional service costs, loss in customer trust and remediation costs.”

The SentinelOne findings come days after Microsoft warned that just 1% of all cloud permissions are actively used, potentially leading to severe security risks.


Some parts of this article are sourced from:
www.infosecurity-magazine.com
