Product
Adversaries can exploit the creation of AWS Lambda event source mappings to establish stealthy persistence and execution, or to continuously siphon records from event sources like Amazon SQS, Kinesis, DynamoDB, MSK, Kafka, or MQ, by mapping an event source to an attacker-controlled Lambda function, enabling durable execution and data exfiltration without requiring further interactive access.