惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

W
WeLiveSecurity
博客园 - 【当耐特】
Microsoft Azure Blog
Microsoft Azure Blog
WordPress大学
WordPress大学
Stack Overflow Blog
Stack Overflow Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
IT之家
IT之家
Cloudbric
Cloudbric
The Register - Security
The Register - Security
小众软件
小众软件
PCI Perspectives
PCI Perspectives
G
Google Developers Blog
AI
AI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Google DeepMind News
Google DeepMind News
Google DeepMind News
Google DeepMind News
宝玉的分享
宝玉的分享
Recent Commits to openclaw:main
Recent Commits to openclaw:main
量子位
TaoSecurity Blog
TaoSecurity Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
F
Full Disclosure
N
Netflix TechBlog - Medium
博客园_首页
Last Week in AI
Last Week in AI
A
Arctic Wolf
B
Blog RSS Feed
J
Java Code Geeks
C
Cybersecurity and Infrastructure Security Agency CISA
I
InfoQ
aimingoo的专栏
aimingoo的专栏
云风的 BLOG
云风的 BLOG
NISL@THU
NISL@THU
MyScale Blog
MyScale Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Jina AI
Jina AI
有赞技术团队
有赞技术团队
S
Schneier on Security
L
Lohrmann on Cybersecurity
P
Privacy & Cybersecurity Law Blog
T
Threat Research - Cisco Blogs
P
Palo Alto Networks Blog
S
Security @ Cisco Blogs
Security Archives - TechRepublic
Security Archives - TechRepublic
Security Latest
Security Latest
Vercel News
Vercel News
博客园 - 司徒正美
Webroot Blog
Webroot Blog
Hacker News: Ask HN
Hacker News: Ask HN
A
About on SuperTechFans

The Register - Security: CSO

Anthropic's Mythos has The Kettle crew curious, skeptical 'People's Panel' to check if UK wants controversial Digital ID will cost £630K Top npm package backdoored to drop dirty RAT on dev machines Lightning-fast exploits mean patch fast, says Cisco Talos Lightning-fast exploits mean patch fast, says Cisco Talos Smooth criminals talking their way into cloud environments, Google says Cybercrime up 245% since the start of the Iran war Scattered Lapsus$ Hunters seeks women to defraud helpdesks Every day in every way, passwords are getting worse CISA quietly updated ransomware flags on 59 flaws last year Deepfake job seeker applied to work for an AI security firm Deepfake job seeker applied to work for an AI security firm AI-powered cyberattack kits are 'just a matter of time' AI-powered cyberattack kits are 'just a matter of time' FortiGate SSO bug still exploitable despite December patch FortiGate SSO bug still exploitable despite December patch Judge tosses CrowdStrike shareholder suit over 2024 outage DRAM shortage may drive firewall prices higher: analysts Ransomware attacks kept climbing in 2025 as gangs refused to stay dead Around 1,000 systems compromised in ransomware attack on Romanian water agency 1,000 systems pwned in Romanian Waters ransomware attack Half of exposed React servers remain unpatched amid attacks CISA warns spyware crews are breaking into Signal and WhatsApp accounts FCC guts Salt Typhoon telco rules despite espionage risk CISA orders feds to patch Oracle Identity Manager zero-day SEC drops SolarWinds lawsuit that painted a target on CISOs everywhere SEC bails on SolarWinds lawsuit Palo Alto kit sees massive surge in malicious activity amid mystery traffic flood Palo Alto kit sees massive surge in malicious activity Countries use cyber targeting to plan strikes: Amazon CSO Overconfidence is the new zero-day as teams stumble through cyber simulations UK's Cyber Security and Resilience Bill makes Parliamentary debut Cyber insurers paid out over twice as much for UK ransomware attacks last year Cyberpunks mess with Canada's water, energy, and farm systems Trump's workforce cuts blamed as America's cyber edge dulls Feds flag active exploitation of patched Windows SMB vuln How malware vaccines could stop ransomware's rampage Salesforce refuses to pay ransomware crims' extortion demand Germany slams brakes on EU's Chat Control snoopfest Germany slams brakes on EU's Chat Control snoopfest Employees regularly paste company secrets into ChatGPT Oracle tells Clop-targeted EBS users to apply July patch Red Hat repos raided, claims cybercrew, files stolen Suspected Chinese spies broke into 'numerous' enterprises UK gov acknowledges 'strong case' for JLR financial support JLR extends shutdown – again – as toll on workers laid bare UK chancellor blames cyberattacks on Russia despite evidence Fortra discloses 10/10 severity bug in GoAnywhere MFT Entra ID bug could have granted access to every tenant UEFI Secure Boot for Linux Arm64 – where do we stand? JLR says cyber cleanup to take additional week Insider blamed for FinWise data breach affecting nearly 700K Nork snoops whip up fake military ID with help from ChatGPT UK government dragged for incomplete security reforms Church of England abuse victims exposed by lawyer's email US spy chief claims UK backdown on Apple backdoor demand Workday confirms CRM breach via social engineering Black Hat/DEF CON: AI more useful for defense than hacking Ex-White House cyber guru talks Microsoft security fails CISA releases malware analysis for Sharepoint Server attack China: US spies used Microsoft Exchange 0-day to steal info Security pros drowning in threat-intel data Identity attacks surge 156% as phishermen get craftier Organizations can’t keep up with supply chain security musts UK data watchdog fines 23andMe £2.3M over 2023 breach Employers are demanding too much from junior cyber recruits FCA warned four staffers who pocketed regulator data Ransomware just wrecked your network – now what? Ivanti RCE attacks 'ongoing,' exploitation hits clouds Ex-NSA listened to Scattered Spider's calls: 'They're good' Snowflake CISO talks lessons learned from breaches, improv Why CVSS is failing us and what we can do about it Infosec pros still aren't nailing the basics of AI security Ransomware crims targeting systems between IT and operations Why aggregating asset inventory leads to better security NCSC and industry at odds over how to tackle shoddy software Powerschool extortionists may not have deleted stolen data CrowdStrike trims workforce by 5 percent, aims to rely on AI NSO Group must pay Meta $168M in WhatsApp spy case Ghost in the shell script: Boffins seek code correctness How Intruder finds what others miss in cloud security Linux malware can avoid syscall-based endpoint protection Infosec pro blabs about alleged malware mishap on LinkedIn The future of AI in cybersecurity in a word – optimistic CVE board 'kept in the dark' on funding, members say Security snafus caused by third parties up from 15% to 30% Blue Shield shared 4.7M people's health info with Google Ads Who needs phishing when your login's already in the wild? US cyber defenses are being dismantled from the inside Bug hunter obtains an SSL cert for Alibaba Cloud in 5 steps
Amazon CISO: Iranian hacking crews ‘on high alert’
Jessica Lyons Jessica Lyons · 2025-06-18 · via The Register - Security: CSO

CSO

Amazon CISO: Iranian hacking crews ‘on high alert’ since Israel attack

Meanwhile, next-gen script kiddies are levelling up faster thanks to agentic AI

INTERVIEW Iran's state-sponsored cyber operatives and hacktivists have all increased their activities since the military conflict with Israel erupted last week – but not necessarily in the way that Amazon chief information security officer CJ Moses expected.

Like most world powers and wannabes, Iran has a substantive crew of government-supported hackers who do all of the usual cyber dirty work for the state: espionage, meddling in elections , spear phishing, stealing data and credentials, deploying ransomware, and in some cases breaking into water utilities and other critical infrastructure.

"Each of the different threat actors has a different goal," Moses told The Register, adding that Amazon has learned something interesting about the Iranians: "As opposed to what we saw in Russia when they invaded Ukraine, we haven't seen a change in their goals."

Before Russia invaded Ukraine, the Kremlin's state-backed or state-permitted ransomware crews switched to wiper malware, which permanently destroyed data on critical systems to support the invasion.

Iran’s cyber-warriors haven’t done the same, Moses said.

"It's been increased activity in most cases, but of the same type," he added. "It's trying to gain access for whatever that particular threat actor was into in the past, whether financial gain, or theft of intellectual property. The biggest takeaway I had from it: It's essentially a high alert, everybody go to work, but the methods and what they are doing haven't changed."

Moses said Amazon's threat intel team hasn't spotted any destructive cyberattacks since the armed conflict began. "Which is what we expected," he said. "It may lead back to what are the goals of those particular organizations or teams. Of the things they had access to, how detrimental or beneficial to them in light of what was going on."

This may indicate a desire to maintain access to certain critical networks or systems for future use, depending on how the military component plays out, he noted.

It's been increased activity in most cases, but of the same type, whether financial gain, or theft of intellectual property.

Moses also won't say which Tehran-linked cyber-crews he's talking about as Amazon doesn't disclose its threat-group naming taxonomy. The CISO did note that "we intentionally, internally, name them differently."

Another thing that has surprised Moses (so far) about the cyber piece of Iran's attack strategy is its disinterest in AI.

"We haven't seen as much as the migration towards gen AI or agentic AI from some of those threat actors," he said.

This is unusual because some of the other gangs that Amazon tracks, both nation-state and financially motivated, "are doing agentic handoffs" that see them use various AI agents for each part of the attack chain. One agent scans for vulnerabilities, and once it spots those, it hands off the work to a different agent that works to exploit the flaw, and so on, until the criminals achieve their goal.

"That's becoming, dare I say, normal," Moses said.

Agentic AI gives attackers a speed boost

AWS runs a network of honeypots across its infrastructure known as MadPot, and uses tens of thousands of sensors to monitor criminals' attempts to connect with decoys deployed in the honeypots.

"In the past, we would put a newly vulnerable instance out there and within 90 seconds it's scanned and within three minutes somebody will attempt to take it over," Moses said. "That timeline is changing significantly because of chained agentic AI capabilities."

Amazon now sees attackers attempt to hijack the vulnerable instance "in near-real time," Moses said, and credited AI agents for the speedier attacks. That means network defenders have a lot less time to protect their organizations.

"The agents are designed to do roughly one thing," he explained. "You start off with the first, it selects what is next based on its outcome, and you chain them together to get to the outcome that you predetermine, everything from gaining access to if you are a criminal actor, trying to glean any financial capabilities out of that, or if you are a nation state actor, establishing a beachhead and performing reconnaissance from there."

You have a whole new generation of script kiddies using agentic AI

Meanwhile, the number of threat groups that Amazon tracks has increased between 30 percent and 35 percent over the past eight months for a similar reason, according to Moses.

"We attribute that back to the ability for non-software developers to get into the space, and either use agents or AI generated code," he said. "You have a whole new generation of script kiddies using these tools but they aren't just fumbling their way through things, they have gen AI upleveling them."

The silver lining in all of this is that AWS also uses AI agents, and is chaining them to complete various parts of attacks in its red-teaming exercises to protect its infrastructure and customers.

"It's this agentic battle going on, if you will,” Moses said. ®