Tag

Attack.t1078.002

1 brief RSS

Malicious Usage of AWS IMDS Credentials Outside of Expected Services

Compromised EC2 instances may be leveraged to exfiltrate and misuse AWS Instance Metadata Service (IMDS) credentials to perform actions outside of the expected AWS Simple Systems Manager (SSM) service, indicating potential lateral movement or data exfiltration.

EC2 attack.privilege-escalation attack.initial-access attack.persistence attack.stealth attack.t1078 attack.t1078.002

2r 3t Jul 11, 2024