Pulse name: Cloud Abuse at Scale
WHITE PetrP.73 2025-11-02 Modified: 2025-12-02
7 IOCs, low volume
The recently identified campaign uses stolen credentials to target Amazon Simple Email Service (SES) through a sophisticated infrastructure known as TruffleNet. TruffleNet uses TruffleHog, an open-source secret-scanning tool, to systematically test compromised credentials across AWS environments. Notably, the campaign links this credential testing to downstream Business Email Compromise (BEC), in which attackers impersonate trusted entities to commit financial fraud.
Indicators of Compromise (7)