Hackers are using AlienFox to steal cloud credentials

 

Sentinel Labs, a company specializing in technology for threat protection, has discovered AlienFox, a new toolkit that threat actors use to steal credentials from multiple cloud providers.

The company describes AlienFox as a modular toolset primarily distributed via Telegram in the form of source code archives.

  • According to a Sentinel Labs blog post, AlienFox has been used to harvest API keys and secrets from 18 different cloud providers, including Amazon Web Services (AWS), Google Workspace, Office 365, Sendgrid, Twilio, and more. 
  • Sentinel Labs says the AlienFox toolkit enables hackers to scan for misconfigured servers to steal authentication codes and credentials to compromise cloud-based email and web hosting services.  
  • Perhaps the most alarming aspect is that some modules are directly available on GitHub, making access easy for any potential hacker. Furthermore, most of these tools are open source, which allows attackers to modify them based on their specific needs.
  • The researchers have found that AlienFox is continuously evolving and becoming more sophisticated. The latest version of the toolset adds scripts that automate malicious actions using the stolen credentials to establish AWS account persistence and privilege escalation.
