Fresh and active AWS phishing campaign with 3 main domains:
cloud-recovery[.]us
cloud-recovery[.]net
aws[.]cloud-recovery[.]us
... with hands-on-keyboard activity 20 minutes after credentials are submitted
Christophe Tafani-Dereeper
Behind the console: Active phishing campaign targeting AWS console credentials
securitylabs.datadoghq.com/articles/beh...
securitylabs.datadoghq.com
Datadog Security Research identified an active adversary-in-the-middle (AiTM) phishing campaign targeting AWS Console credentials via typosquatted domains that mimic AWS infrastructure.
