FortiGuard Labs Links New EC2 Grouper Hackers to AWS Credential Exploits


Latest News on EC2 Grouper AWS Credential Exploits 2025

EC2 Grouper Hackers Identified by FortiGuard Labs

Researchers at FortiGuard Labs have identified a prolific attacker group known as “EC2 Grouper” that frequently exploits compromised credentials using AWS tools. The group's activity highlights the ongoing threat of cloud credential compromise, particularly in AWS environments.

AWS Security Threat Analysis

Cloud Data Breaches on the Rise

According to a report by Thales, 44% of organizations have experienced a cloud data breach, with 14% reporting an incident in the past 12 months. This trend underscores the increasing exposure of cloud environments to cyber threats.

AI-Driven Attacks

Cybercriminals are leveraging AI-driven techniques, including deepfakes and GPT models, for tasks such as image creation, translation, and phishing email templates to support criminal activities like know-your-customer (KYC) bypass and telephone-oriented attack delivery (TOAD). These malicious uses of AI pose significant risks to traditional identity verification measures, including multifactor authentication (MFA).

Cloud Credential Compromise Methods

Exploitation of Legitimate Tooling

Cybercriminals are using legitimate tooling and functionality to complete illegitimate tasks, including the use of known cloud services as nodes in attacks, not only as command-and-control (C2) infrastructure. This trend indicates that attackers are increasingly exploiting the trust placed in cloud services to carry out malicious activities.

Social Engineering Techniques

Less technical attacks targeting high-value individuals via social engineering will continue to dominate, with campaigns using better social engineering and alternate platforms like Microsoft Teams to spread malware. These tactics include vishing via Microsoft Teams to deploy DarkGate malware and gain remote control over victims' computer networks.

Key Highlights

  1. EC2 Grouper Group: Identified by FortiGuard Labs as a prolific attacker group exploiting AWS credentials.
  2. Cloud Data Breaches: 44% of organizations have experienced a cloud data breach, with 14% reporting incidents in the past 12 months.
  3. AI-Driven Attacks: Cybercriminals are using AI for deepfakes, GPT models, and other malicious activities.
  4. Legitimate Tooling Exploitation: Attackers are using legitimate cloud services for illegitimate tasks.
  5. Social Engineering: High-value individuals are being targeted via social engineering techniques, including vishing via Microsoft Teams.

These points collectively highlight the evolving nature of cloud security threats and the need for proactive measures to mitigate these risks.