Threat Intelligence Report

Behind the console: An AiTM phishing kit harvesting AWS console credentials and beyond

📅 June 24, 2026 📰 securitylabs.datadoghq.com 🔍 0 CVE(s) referenced

A sophisticated phishing campaign leveraged adversary-in-the-middle (AiTM) techniques and convincing AWS console clones to harvest both credentials and real-time MFA codes from carefully selected engineering targets, making AWS console phishing a critical and ongoing threat.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle