Intel Name: Cloud abuse at scale
Date of Scan: November 3, 2025
Impact: Medium
Summary: Identity compromise remains a major threat to cloud infrastructure, allowing attackers with valid credentials to evade traditional security controls. In AWS, such compromises often involve abuse of the Simple Email Service (SES) for illicit email operations. Recent investigations revealed a campaign in which stolen AWS credentials were used to exploit SES. Analysis of this activity uncovered TruffleNet, an attack infrastructure built around the open-source tool TruffleHog for credential testing and reconnaissance. Adversaries further leveraged compromised accounts to conduct large-scale Business Email Compromise (BEC) campaigns.