In one such incident, Silk Typhoon used stolen API keys to access devices belonging to a company’s downstream customers and tenants through an admin account. Using the access provided by the stolen API keys, the attackers reset the default admin account, created additional users, deployed web shells, and deleted log entries to cover their tracks.
The downstream victims were primarily from state and local government, as well as the IT sector, and the data stolen from their systems was related to US government policy and administration, law enforcement investigations, and other legal processes.
“Silk Typhoon has shown proficiency in understanding how cloud environments are deployed and configured, allowing them to successfully move laterally, maintain persistence, and exfiltrate data quickly within victim environments,” the researchers said.
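The post-compromise sequence described in the incident above (API-key access, admin account reset, new user creation, web shell deployment, audit log deletion) is a useful correlation target for defenders. The following is an added detection sketch, not code from the article or from the researchers it quotes: it scans constructed audit events and flags any API-key principal that performs several of those action types within a short window. The event field names (`ts`, `principal`, `action`, `target`), the action labels, the web root paths and the `apikey:` principal prefix are all assumptions chosen for the example; a real deployment would map them onto the audit schema of the platform in question.

```python
"""
Correlate audit events so that a single API key performing admin-reset,
user-creation, web-shell-style file writes and log deletion in quick
succession is surfaced as one finding instead of four unrelated events.
All sample data and field names below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events; these are not real telemetry.
SAMPLE_EVENTS = [
    {"ts": "2024-01-10T02:01:00", "principal": "apikey:ak-7f3a",
     "action": "admin.password_reset", "target": "admin"},
    {"ts": "2024-01-10T02:03:00", "principal": "apikey:ak-7f3a",
     "action": "user.create", "target": "svc-backup2"},
    {"ts": "2024-01-10T02:09:00", "principal": "apikey:ak-7f3a",
     "action": "file.write", "target": "/var/www/html/img/cache.aspx"},
    {"ts": "2024-01-10T02:15:00", "principal": "apikey:ak-7f3a",
     "action": "audit.delete", "target": "logs/2024-01-10"},
    # Benign activity by an interactive user and a second API key.
    {"ts": "2024-01-10T09:00:00", "principal": "user:alice",
     "action": "user.create", "target": "bob"},
    {"ts": "2024-01-10T09:30:00", "principal": "apikey:ak-11c2",
     "action": "file.write", "target": "/data/export.csv"},
]

# Assumed web roots and script extensions used to spot web-shell-style writes.
WEB_ROOTS = ("/var/www/", "/inetpub/wwwroot/")
SCRIPT_EXTENSIONS = (".aspx", ".asp", ".php", ".jsp")

# Action labels that, taken together, mirror the sequence in the incident.
SUSPICIOUS_ACTIONS = {"admin.password_reset", "user.create",
                      "audit.delete", "webshell.write"}
WINDOW = timedelta(hours=1)
MIN_DISTINCT = 3


def classify(event):
    """Map a raw event to a suspicious action label, or None if benign.

    Generic file writes are only escalated to 'webshell.write' when the
    target sits under a web root and carries a server-side script extension.
    """
    action = event["action"]
    target = event["target"].lower()
    if action == "file.write":
        if target.startswith(WEB_ROOTS) and target.endswith(SCRIPT_EXTENSIONS):
            return "webshell.write"
        return None
    return action if action in SUSPICIOUS_ACTIONS else None


def find_abused_api_keys(events, window=WINDOW, min_distinct=MIN_DISTINCT):
    """Return {principal: sorted action labels} for API-key principals that
    performed at least `min_distinct` distinct suspicious actions inside
    any `window`-long span."""
    by_principal = defaultdict(list)
    for ev in events:
        if not ev["principal"].startswith("apikey:"):
            continue  # interactive users are out of scope for this rule
        label = classify(ev)
        if label is not None:
            by_principal[ev["principal"]].append(
                (datetime.fromisoformat(ev["ts"]), label))

    findings = {}
    for principal, items in by_principal.items():
        items.sort()
        # Slide a window anchored at each event; report on the first match.
        for i, (t0, _) in enumerate(items):
            in_window = {lbl for t, lbl in items[i:] if t - t0 <= window}
            if len(in_window) >= min_distinct:
                findings[principal] = sorted(in_window)
                break
    return findings


if __name__ == "__main__":
    for key, actions in find_abused_api_keys(SAMPLE_EVENTS).items():
        print(f"{key}: {', '.join(actions)}")
```

The rule deliberately keys on the combination rather than any single action: an API key creating one user or resetting one password is routine automation, but the same key doing both and then deleting audit entries within an hour is the pattern the incident describes. Because the attackers deleted log entries, the events this correlator needs should be forwarded to a store the API key cannot write to, otherwise the `audit.delete` step removes the evidence before the rule runs.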