Skip to content
Threat Feed

Tag

Route53

4 briefs RSS
medium advisory

AWS Route 53 Resolver Query Log Configuration Deleted

Detection of the deletion of an Amazon Route 53 Resolver Query Log Configuration, potentially stopping DNS query and response logging for associated VPCs, which can be used by adversaries to evade detection and suppress forensic evidence.

AWS Route 53 Resolver aws cloudtrail route53 defense_evasion
2r 1t
high advisory

AWS Route 53 Domain Transfer Lock Disabled

The disabling of the transfer lock on an AWS Route 53 domain is detected, potentially indicating unauthorized domain transfer, takeover, or service disruption by an adversary gaining domain-management permissions.

Route 53 aws route53 domain-hijacking persistence
2r 3t
medium advisory

AWS Route 53 Private Hosted Zone Associated With Unauthorized VPC

An adversary with sufficient permissions may associate unauthorized VPCs to intercept, observe, or reroute internal traffic, establish persistence, or expand their visibility within an AWS environment by associating a Route 53 private hosted zone with a new Virtual Private Cloud (VPC).

Route 53 cloud aws route53 persistence
2r 3t
high advisory

AWS Route 53 Domain Transferred to Another Account

An AWS Route 53 domain was transferred to another AWS account, potentially leading to unauthorized control over DNS records and traffic redirection for malicious purposes, such as phishing or establishing persistence.

Route 53 aws route53 domain-transfer persistence resource-development
2r 2t