Real World Case Studies
Public reports of AWS incidents and response that provide a high level of detail.
- AWS incident response story - This article walks through an AWS incident, including the techniques used by the threat actor and Indicators of Compromise (IoCs)
- AWS cryptomining incident - Step-by-step walkthrough of how the threat actor compromised access keys, established persistence, and initiated cryptomining
- LUCR-3 / Scattered Spider attacks against cloud environments - Breakdown of attacker attributes, lifecycle, techniques, defense evasion, and IoCs
- Public Cloud Security Breaches - Documenting their mistakes so you don't make them