What is the Attack?FortiGuard Labs Threat Team has observed recent attacks by a Threat Actor dubbed “EC2 Grouper” that leverages AWS tools for PowerShell to carry out cloud-based attacks. It leverages APIs to inventory EC2 types and available regions before executing further API calls iteratively. The Threat Actor is seen using techniques that enable remote access and lateral movement within cloud environments. EC2 Grouper is a highly active threat actor frequently involved in cloud identity compromises, observed across numerous customer environments over the years. To learn more, see the detailed Threat Blog: Catching “EC2 Grouper”- No Indicators Required! | FortiGuard LabsWhat is the recommended Mitigation?Detecting illicit use of valid cloud credentials is challenging, as most attacks lack unique indicators. By correlating weak signals, such as environmental anomalies and API usage patterns, composite alerting enhances detection accuracy significantly. For detailed guidance and Threat report, visit Fortinet’s Threat Blog | FortiGuard LabsWhat FortiGuard Coverage is available?Lacework FortiCNAPP: Cloud detection and response (CDR) addresses cloud identity compromises and uses composite alerting for enhanced detection.Lacework FortiCNAPP enhances detection efficacy and integrates CIEM to assess the impact of compromised identities.Read more about how Lacework FortiCNAPP can secure your cloud environment.
More Stories
chromium-135.0.7049.52-2.fc40
FEDORA-2025-609ed3aaa7 Packages in this update: chromium-135.0.7049.52-2.fc40 Update description: Update to 135.0.7049.52 High CVE-2025-3066: Use after free in Navigations Medium CVE-2025-3067:...
chromium-135.0.7049.52-1.fc41
FEDORA-2025-98dd4c4639 Packages in this update: chromium-135.0.7049.52-1.fc41 Update description: Update to 135.0.7049.52 High CVE-2025-3066: Use after free in Navigations Medium CVE-2025-3067:...
chromium-135.0.7049.52-2.el9
FEDORA-EPEL-2025-eb7e3d90f5 Packages in this update: chromium-135.0.7049.52-2.el9 Update description: Update to 135.0.7049.52 High CVE-2025-3066: Use after free in Navigations Medium CVE-2025-3067:...
chromium-135.0.7049.52-2.fc42
FEDORA-2025-c4a9f54d14 Packages in this update: chromium-135.0.7049.52-2.fc42 Update description: Update to 135.0.7049.52 High CVE-2025-3066: Use after free in Navigations Medium CVE-2025-3067:...
USN-7413-1: Linux kernel (IoT) vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to...
USN-7406-4: Linux kernel (Azure FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...