AWS Fargate Under Attack by SCARLETEEL

By Esme Greene

Aug 13, 2023
According to security expert Alessandro Brucato, the SCARLETEEL hackers persist in their attacks against cloud environments. Cloud environments remain their primary target, but they have improved their stealth and resilience by changing their tools and methods to get around new security measures.

SCARLETEEL: Unleashing Havoc in Cloud Environments

In February 2023, Sysdig researchers first came across the malicious SCARLETEEL operation. They discovered an attack chain that includes obtaining private information from AWS infrastructure and deploying cryptominers to illegally use the resources of compromised machines.

Cado Security's investigation in March raised a potential connection between SCARLETEEL and the well-known TeamTNT cryptojacking gang. Sysdig pointed out that it may be a case of someone copying TeamTNT's attack strategies and techniques.

SCARLETEEL has lately increased its attention on AWS accounts, continuing its pattern. By exploiting vulnerable web apps to gain persistent access, the group may steal intellectual property and possibly earn up to $4,000 per day by running cryptominers on Amazon's high-performance servers.

The first step in the SCARLETEEL attack chain is the exploitation of Jupyter Notebook containers deployed in Kubernetes clusters. The hackers use this initial access to survey the target network and to obtain AWS credentials that let them extend the intrusion.

The attackers then install the AWS command-line client and the Pacu framework in preparation for further malicious actions. Notably, they use a variety of scripts to retrieve AWS credentials, some of which explicitly target instances of the AWS Fargate compute engine.

The attackers use various techniques, such as abusing container management systems with the Kubernetes penetration testing tool Peirates. They also deploy the DDoS botnet malware Pandora, showing their efforts to make money from compromised servers.
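For defenders, the chain described above (a credential read from inside a container, followed by AWS or Kubernetes tooling appearing in that same container) can be expressed as a correlation over process-execution events. The sketch below is an added example, not code from Sysdig or from this article; the event format, container names and regex patterns are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Stage name -> pattern over a process command line. The endpoint addresses are
# AWS-documented (EC2 instance metadata, ECS/Fargate task credentials); the tool
# names come from the article. The patterns themselves are illustrative assumptions.
STAGES = {
    "imds_credential_read": re.compile(
        r"169\.254\.169\.254/latest/meta-data/iam/security-credentials"),
    "fargate_credential_read": re.compile(
        r"169\.254\.170\.2|AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"),
    "aws_tooling_install": re.compile(
        r"\b(pip3?|apt(-get)?|yum)\s+install\b.*\b(awscli|pacu)\b"),
    "k8s_pentest_tool": re.compile(r"\bpeirates\b", re.I),
}
CRED_STAGES = {"imds_credential_read", "fargate_credential_read"}


def scan_events(events):
    """Return {container: sorted list of stages seen} for containers with any hit."""
    hits = defaultdict(set)
    for ev in events:
        for stage, pattern in STAGES.items():
            if pattern.search(ev["cmdline"]):
                hits[ev["container"]].add(stage)
    return {container: sorted(stages) for container, stages in hits.items()}


def high_confidence(findings):
    """Containers showing a credential read AND at least one follow-on tooling stage."""
    return sorted(c for c, s in findings.items()
                  if CRED_STAGES & set(s) and set(s) - CRED_STAGES)


# Constructed sample events (hypothetical container names, assumed event schema).
SAMPLE_EVENTS = [
    {"container": "jupyter-7f9c",
     "cmdline": "curl -s http://169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"},
    {"container": "jupyter-7f9c", "cmdline": "pip install awscli pacu"},
    {"container": "jupyter-7f9c", "cmdline": "./peirates"},
    {"container": "web-1a2b", "cmdline": "pip install requests"},
    {"container": "batch-33d0",
     "cmdline": "curl http://169.254.169.254/latest/meta-data/iam/security-credentials/"},
]

if __name__ == "__main__":
    findings = scan_events(SAMPLE_EVENTS)
    for container in high_confidence(findings):
        print(container, findings[container])
```

A lone credential read (as in `batch-33d0`) can be legitimate SDK behaviour, which is why the alert requires the follow-on tooling stage in the same container.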

According to the Sysdig analyst, SCARLETEEL actors frequently attack cloud infrastructure such as AWS and Kubernetes. Their preferred entry strategy is exploiting open compute services and vulnerable apps. Their first objective is stealing their victims' intellectual property, even if their focus is still on making money through cryptomining.
