Scattered Spider, Starfraud, UNC3944, Scatter Swine, and Muddled Libra - Githubissues

ramimac / aws-customer-security-incidents

A repository of breaches of AWS customers

GNU General Public License v3.0

686 stars 40 forks source link

Scattered Spider, Starfraud, UNC3944, Scatter Swine, and Muddled Libra #165

Closed ramimac closed 6 months ago

ramimac commented 6 months ago

https://www.cisa.gov/sites/default/files/2023-11/aa23-320a_scattered_spider_0.pdf

Threat actors activate Amazon Web Services (AWS) Systems Manager Inventory [T1538] to discover targets for lateral movement [TA0007],[TA0008], then move to both preexisting [T1021.007] and actor-created [T1578.002] Amazon Elastic Compute Cloud (EC2) instances

Previously in:

Addresses #125