An ongoing campaign is targeting Amazon Web Services (AWS) customers by exploiting compromised Identity and Access Management (IAM) credentials for cryptocurrency mining. First detected by Amazon’s GuardDuty on November 2, 2025, the attackers utilize innovative persistence techniques to evade detection. This activity poses significant risks to AWS users, emphasizing the need for enhanced security measures. AWS continues to monitor the situation and advise customers on protecting their accounts.
