Infostealer Logs to Fuel a New Wave of AWS Ransomware Attacks
ID: 763a4fe5-2d14-5e3c-ae25-5c44187cd276
STIX ID: report--763a4fe5-2d14-5e3c-ae25-5c44187cd276
Feed Name: infostealers.com
This report describes a growing threat in which infostealer malware collects AWS credentials and session tokens. Attackers can use these to abuse native AWS services (e.g., S3 server-side features) to encrypt or exfiltrate cloud data, effectively enabling ransomware campaigns against cloud environments. The report references Halcyon's findings on "Codefinger" and recent breaches (Telefonica, Schneider Electric, Gravy Analytics) as real-world examples, and recommends monitoring, least-privilege access, MFA, key rotation, and behavioral cloud monitoring.
