Content Deep Dive

SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto

Blog post from Sysdig

Post Details
Company: Sysdig
Author: Alessandro Brucato
Word Count: 2,225
Language: English
Summary

SCARLETEEL is a sophisticated cyber operation targeting cloud environments, primarily AWS and Kubernetes, to steal proprietary data and run cryptomining. Despite new security measures, the group has adapted its tactics, including abusing AWS Fargate and Kubernetes, to escalate privileges and deploy cryptominers, potentially costing victims thousands of dollars per day. The actors use advanced scripts to steal AWS credentials, evade detection, and maintain persistence within compromised environments. They also escalate privileges by exploiting AWS policies and use tools such as the AWS CLI and Pacu to extend their reach. Their operations include offering DDoS attacks as a service and employing tools such as Peirates for Kubernetes exploitation. The SCARLETEEL actors have enhanced their toolkit and command-and-control infrastructure, making detection more challenging and underscoring the importance of layered defenses, including runtime threat detection, vulnerability management, and cloud security posture management, to mitigate such threats.