[SentinelOne] Dissecting AlienFox | The Cloud Spammer’s Swiss Army Knife

SentinelLabs has identified a new toolkit dubbed AlienFox that attackers are using to compromise email and web hosting services. AlienFox is highly modular and evolves regularly.
Executive Summary

  • SentinelLabs analyzed several iterations of “AlienFox,” a comprehensive toolset for harvesting credentials for multiple cloud service providers.
  • Attackers use AlienFox to harvest API keys & secrets from popular services including AWS SES & Microsoft Office 365.
  • AlienFox is a modular toolset primarily distributed on Telegram in the form of source code archives. Some modules are available on GitHub for any would-be attacker to adopt.
  • The spread of AlienFox represents a previously unreported trend: attacking minimal cloud services that are unsuitable for cryptomining (such as email-sending and hosting services) in order to enable and expand subsequent spam and phishing campaigns.
  • Along with our thorough analysis of different AlienFox iterations, we provide a full list of indicators of compromise, YARA rules, and recommendations in the full report.
A sophisticated new toolset is being used to harvest credentials from multiple cloud service providers, including AWS SES and Microsoft Office 365.