Cryptomining group traced to Indonesia uses compromised AWS accounts

A financially motivated cyberthreat group is attacking organizations’ Amazon Web Services (AWS) accounts to set up illicit cryptomining operations, researchers say. Analysts at cloud security company Permiso traced the activity to IP addresses associated with Indonesian internet service providers, but the report doesn’t speculate on who the attackers are. They “are engaged attackers at the

accounts addresses amazon amazon web services analysts attackers aws briefs cloud cloud security compromised cryptomining cybercrime cyberthreat indonesia internet internet service ip addresses operations organizations permiso report researchers security service service providers services web web services