this post was submitted on 14 Jan 2025
39 points (95.3% liked)

top 4 comments
[–] [email protected] 9 points 21 hours ago

It says they use publicly exposed or leaked IAM keys with RW permission to do this, in case anybody is interested in how they get in.

[–] [email protected] 5 points 19 hours ago (1 children)

While this is more an issue with compromised credentials and not a flaw in AWS exactly, I think AWS should just deprecate the use of IAM Access Keys altogether, and have newly issued keys auto expire after 90 days, requiring human intervention to extend the lifetime if absolutely necessary. Had these companies used IAM roles for their services, they would not be in this situation, but that approach requires more effort, so people go with the lazy access key solution.

[–] [email protected] 1 points 5 minutes ago

And just to be clear, using IAM roles doesn't require much effort either, even when you need to sync with an external auth provider such as AD (I know, ewww, but you have to live in the world as it is rather than the one you'd like it to be).
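
Added example, not part of the thread or of any commenter's post: a defender-side check for the 90-day access key lifetime proposed above, run over an IAM credential report CSV. The sample rows, user names and the `stale_access_keys` helper are constructed for illustration; only the report columns the check reads are included.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=90)  # the lifetime proposed in the comment above

# Constructed sample in the column layout of an IAM credential report
# (only the columns this check reads; users and dates are made up).
SAMPLE_REPORT = """\
user,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
backup-svc,true,2023-03-01T00:00:00+00:00,2025-01-10T02:00:00+00:00,false,N/A,N/A
ci-deploy,true,2024-12-01T09:00:00+00:00,2025-01-13T18:30:00+00:00,true,2022-06-15T00:00:00+00:00,N/A
alice,false,2021-01-01T00:00:00+00:00,N/A,false,N/A,N/A
"""

def parse_ts(value):
    """Return an aware datetime, or None for the report's N/A style values."""
    try:
        return datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None

def stale_access_keys(report_csv, now, max_age=MAX_KEY_AGE):
    """List active access keys whose last rotation is older than max_age."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            if row.get(f"access_key_{slot}_active") != "true":
                continue  # inactive or absent keys cannot sign requests
            rotated = parse_ts(row.get(f"access_key_{slot}_last_rotated", ""))
            if rotated is None:
                # Active key without a readable rotation date: report it anyway.
                findings.append((row["user"], slot, None, "unknown rotation date"))
                continue
            age = now - rotated
            if age > max_age:
                used = parse_ts(row.get(f"access_key_{slot}_last_used_date", ""))
                note = "never used" if used is None else f"last used {used.date()}"
                findings.append((row["user"], slot, age.days, note))
    return findings

if __name__ == "__main__":
    now = datetime(2025, 1, 14, tzinfo=timezone.utc)
    for user, slot, days, note in stale_access_keys(SAMPLE_REPORT, now):
        print(f"{user}: key {slot} is {days} days old ({note})")
```

An old active key that was never used is a candidate for deletion rather than rotation; one that is still in use marks a workload to move to an IAM role.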

[–] [email protected] 4 points 23 hours ago

Let me guess, next step is making sure AWS has a backdoor. For security purposes, obviously.