Threat Intelligence Report

NATS-as-C2: Inside a new technique attackers are using to harvest cloud credentials and AI API keys

📅 May 13, 2026 📰 webflow.sysdig.com 🔍 1 CVE(s) referenced

A threat actor has pioneered a sophisticated attack technique using a NATS server as covert command-and-control infrastructure to automate large-scale harvesting and real-time validation of cloud credentials and AI API keys, signaling a new, more resilient evolution in credential theft operations.

vendor

CVE-2026-33017

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle