Cloud environments continue to be at the receiving end of an ongoing advanced attack campaign dubbed SCARLETEEL, with the threat actors now setting their sights on Amazon Web Services (AWS) Fargate.
“Cloud environments are still their primary target, but the tools and techniques used have adapted to bypass new security measures, along with a more resilient and stealthy command and control architecture,” Sysdig security researcher Alessandro Brucato said in a new report shared with The Hacker News.
SCARLETEEL was first exposed by the cybersecurity company in February 2023, detailing a sophisticated attack chain that culminated in the theft of proprietary data from AWS infrastructure and the deployment of cryptocurrency miners to profit off the compromised systems’ resources illegally.
A follow-up analysis by Cado Security uncovered potential links to a prolific cryptojacking group known as TeamTNT, although Sysdig told The Hacker News that it “could be someone copying their methodology and attack patterns.”
images from Hacker News