Amazon threat intelligence teams identify Interlock ransomware campaign targeting enterprise firewalls
ID: ce4a4f6e-8c2a-5f0e-b61e-9c7c8515b57a
STIX ID: report--ce4a4f6e-8c2a-5f0e-b61e-9c7c8515b57a
Feed Name: AWS Security Blog
Amazon Threat Intelligence discovered Interlock ransomware exploiting a zero-day vulnerability in Cisco Secure Firewall Management Center (CVE-2026-20131) prior to public disclosure, recovered a misconfigured attacker staging server exposing their full operational toolkit (custom backdoors, reconnaissance scripts, proxy laundering, and negotiation infrastructure), and provided IoCs and mitigation guidance to defenders.
