The number of hostile nation-state hacking operations is rising as new countries invest in cyber intrusion campaigns and existing state-backed attack groups take advantage of the rise in organisations adopting cloud applications.
CrowdStrike’s 2022 Global Threat Report details how the cyber threat landscape has evolved throughout the last year. One of those developments is the rise of new countries engaging in offensive cyber operations, including Turkey and Colombia.
In accordance with CrowdStrike’s naming conventions, attacks by Turkish-linked groups are detailed as attacks by ‘Wolf’, while attacks by Colombian operations have been dubbed ‘Ocelot’ – in a similar way to how the cybersecurity company names Russian government-backed activity ‘Bear’ or Chinese hacking groups ‘Panda’.
Activity by one of these new groups is detailed in the report: a Turkey-based hacking group, dubbed Cosmic Wolf by researchers, targeted data of an unspecified victim stored within an Amazon Web Services (AWS) cloud environment in April 2021.
The attackers were able to break into the AWS cloud environment using stolen usernames and passwords, which also provided the attackers with the privileges required to alter command lines. That means they were able to alter security settings to allow direct Secure Shell Protocol (SSH) access to AWS
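
For defenders, the change described above (valid credentials used to alter security settings so that SSH is directly reachable) leaves a record in AWS CloudTrail. The following Python check is an added example, not code from the CrowdStrike report or this article. It assumes the altered setting is an EC2 security group ingress rule, which the article does not specify, and the trusted range, account ID, group ID and sample records are all constructed.

```python
import ipaddress

# Assumption: ranges the organisation administers from (constructed value).
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("198.51.100.0/24")]

def covers_ssh(perm):
    """True if the rule covers TCP 22 (protocol "-1" means every protocol and port)."""
    proto = str(perm.get("ipProtocol", "")).lower()
    lo, hi = perm.get("fromPort"), perm.get("toPort")
    return proto == "-1" or (proto in ("tcp", "6") and None not in (lo, hi) and lo <= 22 <= hi)

def untrusted(cidr):
    """True if the CIDR is not wholly inside a trusted admin network."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == t.version and net.subnet_of(t)
                   for t in TRUSTED_ADMIN_NETS)

def find_ssh_openings(records):
    """One finding per untrusted source that a successful call granted SSH."""
    findings = []
    for rec in records:
        if rec.get("eventName") != "AuthorizeSecurityGroupIngress" or rec.get("errorCode"):
            continue  # other API calls, and calls that were denied
        params = rec.get("requestParameters") or {}
        perms = (params.get("ipPermissions") or {}).get("items", [])
        for perm in filter(covers_ssh, perms):
            cidrs = [r["cidrIp"] for r in (perm.get("ipRanges") or {}).get("items", [])]
            cidrs += [r["cidrIpv6"] for r in (perm.get("ipv6Ranges") or {}).get("items", [])]
            findings += [{"time": rec.get("eventTime"),
                          "actor": (rec.get("userIdentity") or {}).get("arn"),
                          "caller_ip": rec.get("sourceIPAddress"),
                          "group": params.get("groupId"),
                          "opened_to": c} for c in cidrs if untrusted(c)]
    return findings

def sample(proto, lo, hi, cidr):
    """Build a constructed record in CloudTrail's shape (not real log data)."""
    perm = {"ipProtocol": proto, "fromPort": lo, "toPort": hi,
            "ipRanges": {"items": [{"cidrIp": cidr}]}}
    return {"eventTime": "2024-01-01T00:00:00Z", "eventName": "AuthorizeSecurityGroupIngress",
            "sourceIPAddress": "203.0.113.7",
            "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-user"},
            "requestParameters": {"groupId": "sg-0123456789abcdef0",
                                  "ipPermissions": {"items": [perm]}}}

SAMPLE = [sample("tcp", 22, 22, "203.0.113.7/32"),    # flagged: SSH to an unknown host
          sample("tcp", 22, 22, "198.51.100.10/32"),  # ignored: trusted admin range
          sample("tcp", 443, 443, "0.0.0.0/0"),       # ignored: not SSH
          sample("-1", None, None, "0.0.0.0/0")]      # flagged: all ports to everyone
```

Each finding carries the acting identity and the caller's IP address, so it can be correlated with sign-in events for the same credentials.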