TruffleNet: Cloud Credential Abuse for BEC Fraud

Fortinet’s FortiGuard Labs identified a widespread cloud abuse campaign, TruffleNet, exploiting stolen AWS credentials for large-scale Business Email Compromise (BEC) and email fraud. The campaign leverages over 800 unique hosts across 57 networks, showcasing advanced automation and operational discipline. Attackers use tools like TruffleHog and Portainer to validate credentials and orchestrate fraudulent activities, resulting in significant financial losses and data breaches.