all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

SCARLETEEL: Operation Leveraging Terraform, Kubernetes, and AWS for Data Theft

Add to bookmarks
c
April 25, 2023, 1:17 a.m. |

Cloud Security Alliance cloudsecurityalliance.org

Originally published by Sysdig on February 28, 2023. Written by Alberto Pellitteri. The Sysdig Threat Research Team recently discovered a sophisticated cloud operation in a customer environment, dubbed SCARLETEEL, that resulted in stolen proprietary data. The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary software and credentials. They also attempted to pivot using a Terraform state file to ot...

aws cloud customer data data theft environment escalation exploited february kubernetes privilege privilege escalation research scarleteel stolen sysdig team terraform theft threat threat research workload

Visit resource

More from cloudsecurityalliance.org / Cloud Security Alliance

Cl
CISOs, AI, and OT: A Balancing Act Between Innovation and Protection 3 days, 9 hours ago | cloudsecurityalliance.org
act balancing act ben ciso +19
Cl
Microsoft Copilot for Security: Everything You Need to Know 4 days, 5 hours ago | cloudsecurityalliance.org
ai-powered copilot copilot for security cybersecurity +17
Cl
Navigating the Cloud – Beyond “Best Practices” 5 days, 11 hours ago | cloudsecurityalliance.org
architectures best practices beyond businesses +17
Cl
Defining Cloud Key Management: 7 Essential Terms 1 week, 4 days ago | cloudsecurityalliance.org
access access control breaches cloud +26
Cl
How DSPM Can Help Solve Healthcare Cybersecurity Attacks 1 week, 4 days ago | cloudsecurityalliance.org
access access controls article attacks +41
Cl
Considerations When Including AI Implementations in Penetration Testing 1 week, 4 days ago | cloudsecurityalliance.org
application artificial artificial intelligence ask +15
Cl
Five Reasons Why Ransomware Still Reigns 1 week, 4 days ago | cloudsecurityalliance.org
ben ciso consent cxo +15
Cl
DevSecOps Tools 1 week, 4 days ago | cloudsecurityalliance.org
code code management development devops +18
Cl
Post-Quantum Preparedness 1 week, 5 days ago | cloudsecurityalliance.org
availability change code computers +23

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Sr Security Engineer - Colombia

@ Nubank | Colombia, Bogota
View on infosec-jobs.com

Security Engineer, Investigations - i3

@ Meta | Menlo Park, CA | Washington, DC | Remote, US
View on infosec-jobs.com

Cyber Security Engineer

@ ASSYSTEM | Bridgwater, United Kingdom
View on infosec-jobs.com

Security Analyst

@ Northwestern Memorial Healthcare | Chicago, IL, United States
View on infosec-jobs.com

GRC Analyst

@ Richemont | Shelton, CT, US
View on infosec-jobs.com

Security Specialist

@ Peraton | Government Site, MD, United States
View on infosec-jobs.com
View more jobs