Attackers use AiTM phishing kit, typosquatted domains to hijack AWS accounts - Help Net Security

Attackers are exploiting AiTM phishing kits and typosquatted domains to hijack AWS accounts, luring cloud administrators with fake security alerts to a cloned AWS Management Console sign-in page. This sophisticated attack allows threat actors to capture credentials and MFA codes in real-time, potentially leading to unauthorized access, data breaches, and resource manipulation within cloud environments.