THREATOPS
THREAT OPSThreat News › Behind the console: An AiTM phishing kit harvesting AWS console credentials and beyond

Behind the console: An AiTM phishing kit harvesting AWS console credentials and beyond

lowdatadog_seclabsPublished 2026-06-24

Datadog Security Research investigates a June 2026 adversary-in-the-middle phishing campaign that cloned the AWS console login page to harvest victim credentials and multi-factor authentication codes.

MITRE ATT&CK techniques

Original source: https://securitylabs.datadoghq.com/articles/behind-the-console-aws-aitm-phishing-kit-and-beyond/