Comment by aussieguy1234

2 months ago

They're scanning for credentials. If they can get things like AWS credentials, I would expect to see cloud crypto mining as their next move. So it would be a good idea to keep an eye on your infra if you are affected.

Anyone who has production AWS creds on the same operating system where they randomly execute unreviewed code from the internet should have their access revoked.