Summary: A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances, allowing attackers to extract sensitive EC2 Metadata, including IAM credentials. This access facilitated privilege escalation and potential exposure of sensitive data across AWS services. F5 Labs discovered the activity, which peaked between March 13 and 25, 2025; its systematic approach points to a single threat actor.
Affected: AWS EC2 Instances
Key points:
- The campaign exploited SSRF flaws in EC2-hosted websites to query internal EC2 Metadata URLs.
- Attackers used various query parameters and subpaths to systematically exfiltrate sensitive data.
- The exploitation primarily targeted instances using IMDSv1, which lacks the session token protection that IMDSv2 provides.
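
A detection sketch for the pattern in the key points, scanning web access logs for query parameters whose value points at the instance metadata service. This is an added example, not code from F5 Labs or AWS; it assumes combined-format access logs, the function names are hypothetical, the sample lines are constructed, and the two addresses are the IMDS endpoints documented by AWS.

```python
import ipaddress
from urllib.parse import parse_qsl, unquote, urlsplit

# AWS-documented IMDS endpoints (IPv4 link-local and IPv6).
IMDS_ADDRS = {ipaddress.ip_address("169.254.169.254"),
              ipaddress.ip_address("fd00:ec2::254")}
# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Mar/2025:10:01:02 +0000] "GET /fetch?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 312',
    '203.0.113.7 - - [15/Mar/2025:10:01:05 +0000] "GET /proxy?dest=http%253A%252F%252F169.254.169.254%252Flatest%252Fmeta-data%252F HTTP/1.1" 200 298',
    '198.51.100.23 - - [15/Mar/2025:10:02:11 +0000] "GET /fetch?url=https%3A%2F%2Fexample.com%2Flogo.png HTTP/1.1" 200 5120',
]

def fully_unquote(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def targets_imds(value):
    """True if a parameter value is a URL (or bare host) pointing at IMDS."""
    value = fully_unquote(value).strip()
    candidate = value if "//" in value else "//" + value
    try:
        host = urlsplit(candidate).hostname
        return host is not None and ipaddress.ip_address(host) in IMDS_ADDRS
    except ValueError:  # hostname is not an IP literal, or the URL is malformed
        return False

def find_imds_ssrf(log_lines):
    """Return (client_ip, param_name, decoded_value) for each suspicious request."""
    hits = []
    for line in log_lines:
        try:
            client = line.split()[0]
            query = urlsplit(line.split('"')[1].split()[1]).query
        except (IndexError, ValueError):
            continue  # malformed log line, skip it
        for name, value in parse_qsl(query, keep_blank_values=True):
            if targets_imds(value):
                hits.append((client, name, fully_unquote(value)))
    return hits

if __name__ == "__main__":
    for hit in find_imds_ssrf(SAMPLE_LOG):
        print(hit)
```

Grouping the hits by client address and parameter name shows whether one source is working through many parameters and subpaths, which is the systematic behaviour the summary describes.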