SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft

The Sysdig Threat Research Team recently discovered a sophisticated cloud operation in a customer environment, dubbed SCARLETEEL, that resulted in stolen proprietary data. The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary software and credentials. They also attempted to pivot using a Terraform state file to other connected AWS accounts to spread their reach throughout the organization. 

This attack was more sophisticated than most, as it …

account accounts aws cloud credentials customer data data theft environment escalation exploited kubernetes order pivot privilege privilege escalation research scarleteel software state steal stolen sysdig team terraform theft threat threat research workload