Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign
Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign
16 December 2025
An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management (IAM) credentials to enable cryptocurrency mining.
The activity, first detected by Amazon's GuardDuty managed threat detection service and its automated security monitoring systems on November 2, 2025, employs never-before-seen persistence techniques to hamper