
Modular “AlienFox” Toolkit Used to Steal Cloud Service Credentials

March 31, 2023

A new malware toolset has been discovered and analyzed by security experts at SentinelOne. Dubbed “AlienFox” by the team, the toolkit can harvest credentials for various cloud service providers.

An advisory released on Thursday by SentinelOne threat researcher Alex Delamotte reveals that attackers used AlienFox to efficiently harvest API keys and secrets from various services, including Amazon Web Services (AWS) Simple Email Service (SES) and Microsoft Office 365.

“AlienFox is a modular toolset largely distributed on Telegram in the form of source code archives. Some modules are readily available on GitHub for any would-be attacker to undertake,” Delamotte stated.


Many of these modules are open source, so threat actors could adapt and modify them to suit their needs.


“The evolution of recurring options suggests the builders are turning out to be more and more complex, with efficiency criteria at the forefront in more recent versions,” Delamotte wrote.

Threat actors using AlienFox employed the toolkit to compile lists of misconfigured hosts from several security scanning platforms, such as LeakIX and SecurityTrails.

“They use various scripts in the toolset to extract sensitive info such as API keys and insider secrets from configuration information exposed on victims’ web servers,” reads the SentinelOne advisory.
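A defender-side check for the exposure described above, as an added example that is not from the SentinelOne advisory or this article: it scans files under a web document root you administer for AWS access key IDs and credential-like assignments, and reports them redacted. The key-name list, placeholder markers and sample file are assumptions; the sample keys are the placeholder pair used in AWS documentation.

```python
import os
import re

# AWS access key IDs: "AKIA" (long-term) or "ASIA" (temporary) plus 16 characters.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# key=value / key: value lines whose key name suggests a credential (assumed name list).
SENSITIVE = re.compile(
    r"""^\s*(?:export\s+)?["']?([\w.-]*(?:secret|passw(?:or)?d|api_?key|token)[\w.-]*)"""
    r"""["']?\s*[:=]\s*["']?([^"'\s#]+)""", re.IGNORECASE)
PLACEHOLDERS = {"null", "none", "changeme", "xxx"}  # assumed "no real value" markers

def redact(value):
    """Keep at most four characters so reports never contain a usable secret."""
    return value[:4] + "*" * (len(value) - 4) if len(value) > 8 else "*" * len(value)

def scan_config(path, text):
    """Return (path, line_number, kind, redacted_value) for each credential-like hit."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for match in ACCESS_KEY_ID.finditer(line):
            findings.append((path, number, "aws_access_key_id", redact(match.group())))
        hit = SENSITIVE.match(line)
        if hit and hit.group(2).lower() not in PLACEHOLDERS:
            findings.append((path, number, hit.group(1).lower(), redact(hit.group(2))))
    return findings

def scan_tree(webroot):
    """Scan every readable file under a web document root that you administer."""
    findings = []
    for directory, _, names in os.walk(webroot):
        for name in sorted(names):
            path = os.path.join(directory, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as handle:
                    findings += scan_config(os.path.relpath(path, webroot), handle.read())
            except OSError:
                continue  # unreadable file: skip it rather than abort the audit
    return findings

# Constructed sample; the key values are the placeholder pair used in AWS documentation.
SAMPLE = """AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
MAIL_HOST=email-smtp.us-east-1.amazonaws.com
MAIL_PASSWORD=null
"""

if __name__ == "__main__":
    for finding in scan_config("config.env (constructed)", SAMPLE):
        print(finding)
```

Any finding in a file the web server can serve means the credential should be rotated and the file moved out of the document root.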

Further, some of the most recent variants observed by the team featured new scripts that automated malicious actions using the stolen credentials.

According to Delamotte, the spread of AlienFox represents a novel trend toward attacking more minimal cloud services (unsuitable for cryptomining) to then enable and expand subsequent campaigns.

“Opportunistic cloud attacks are no longer confined to cryptomining: AlienFox tools aid attacks on minimal services that lack the resources needed for mining,” Delamotte added. “For victims, [service credentials] compromise can lead to extra service costs, reduction in shopper trust and remediation expenses.”

The SentinelOne findings come days after Microsoft advised that just 1% of all cloud permissions are actively used, likely leading to severe security risks.


Some parts of this article are sourced from:
www.infosecurity-magazine.com
