Mandiant researchers spotted a threat group using an exploit for older versions of Adminer to get their hands on metadata that included secret keys for AWS accounts.
May 5, 2022 By Shaun Nichols
A threat group has been exploiting web apps to steal valuable metadata that allows them to pilfer data from AWS database instances.
Mandiant researchers uncovered an attack operation by a threat group designated as UNC2903. The attack, which ran from May to June last year, saw threat actors stealing corporate data from AWS installations after an extended period of reconnaissance.
"The threats identified in campaigns carried out by UNC2903 were multi-phased attacks, which involved infrastructure scanning, reconnaissance and further abuse of the underlying abstraction layers offered by cloud-hosted platforms," the researchers explained in a blog post Wednesday.
