Crimson Collective Targets AWS Environments for Data Extortion

Cyber Security News by CyberSum.net

Published on October 8, 2025 at 11:23 PM

16 sources

The Crimson Collective threat group has been targeting AWS environments to steal data and extort companies. The group compromises long-term access keys and IAM accounts for privilege escalation. Using tools like TruffleHog, they discover exposed credentials and create new IAM users to gain full control. The attackers then exfiltrate data and send extortion notes to victims.

Also Read

GlassWorm Malware Targets Developers via OpenVSX and VS Code

A new supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with self-spreading malware called GlassWorm. The malware, installed an estimated 35,800 times, hides its malicious code using invisible characters and spreads using stolen account information. It uses the Solana blockchain for command-and-control, making takedown difficult, with Google Calendar as a backup option. The malware steals credentials for GitHub, npm, and OpenVSX accounts, as well as cryptocurrency wallet data from 49 extensions. It also deploys a SOCKS proxy and installs VNC clients for invisible remote access. The final payload, called ZOMBI, turns infected systems into nodes for cybercriminal activities.

By Cyber Security News by CyberSum.netOctober 20, 2025 at 09:00 PM