Cloud defenders! It's worth knowing that GetCallerIdentity is unnecessary in an intrusion. Threat actors can just as easily invoke an API call that doesn't log to CloudTrail and see in the resulting error message what principal they are using.
https://unit42.paloaltonetworks.com/javaghost-cloud-phishing/

Comments

Posting Rules

  • Be respectful to others
  • No spam or self-promotion
  • Stay on topic
  • Follow Bluesky's terms of service