AWS API calls indicating setup of mass mailer script
Description
AlphaSOC detected AWS API calls indicating the setup of a mass mailer script. Mass mailer scripts are tools designed to send large volumes of email; threat actors frequently use them from compromised accounts to send spam, launch phishing campaigns, or distribute malware attachments.
Impact
These API calls may indicate an ongoing compromise and potential misuse of AWS resources for malicious email campaigns. This can damage the organization's reputation, lead to blacklisting of IP addresses and domains, and potentially compromise other systems.
Severity
| Severity | Condition |
|---|---|
| High | AWS API calls indicating setup of mass mailer script |
Investigation and Remediation
Review AWS CloudTrail logs to investigate the account associated with the API calls and determine whether the actions were authorized. If unauthorized, reset the affected account credentials and assess the extent of potential damage.
Known False Positives
- Legitimate large volume email campaigns
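The CloudTrail review described under Investigation and Remediation, and the false positive listed above, as an added example that is not AlphaSOC's code. It assumes CloudTrail's standard JSON record layout (`eventSource`, `eventName`, `eventTime`, `sourceIPAddress`, `userIdentity`). The SES API names it groups into "setup" and "send" calls are real AWS actions, but the page does not say which calls the detection keys on, so that grouping, the threshold, and all sample records (account id, ARNs, IPs) are constructed assumptions.

```python
"""Triage helper for a "mass mailer setup" alert from CloudTrail records.

Added example, not AlphaSOC's code. Assumes CloudTrail's standard JSON record
layout. The SES API names below are real AWS actions, but the page does not
say which calls the detection keys on, so this grouping is an assumption.
"""
import json
from collections import defaultdict
from datetime import datetime

# Assumed: calls that prepare an account to send mail (identity verification,
# enabling sending, production-access requests, configuration sets).
SETUP_ACTIONS = {
    "VerifyEmailIdentity", "VerifyDomainIdentity", "CreateEmailIdentity",
    "CreateConfigurationSet", "UpdateAccountSendingEnabled",
    "PutAccountSendingAttributes", "PutAccountDetails",
}
# Assumed: calls that actually send mail.
SEND_ACTIONS = {"SendEmail", "SendRawEmail", "SendBulkTemplatedEmail", "SendBulkEmail"}


def principal_of(record):
    """Best identifier for who made the call (ARN, else principalId)."""
    ident = record.get("userIdentity", {})
    return ident.get("arn") or ident.get("principalId") or "unknown"


def triage(records):
    """Summarise SES activity per principal: setup calls, send count, IPs, MFA, time window."""
    summary = defaultdict(lambda: {
        "setup": [], "send": 0, "ips": set(), "mfa": None, "first": None, "last": None,
    })
    for rec in records:
        if rec.get("eventSource") != "ses.amazonaws.com":
            continue  # only mail-related calls matter for this alert
        entry = summary[principal_of(rec)]
        ts = datetime.fromisoformat(rec["eventTime"].replace("Z", "+00:00"))
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
        entry["ips"].add(rec.get("sourceIPAddress", "?"))
        attrs = rec.get("userIdentity", {}).get("sessionContext", {}).get("attributes", {})
        if "mfaAuthenticated" in attrs:
            entry["mfa"] = attrs["mfaAuthenticated"] == "true"
        name = rec.get("eventName", "")
        if name in SETUP_ACTIONS:
            entry["setup"].append(name)
        elif name in SEND_ACTIONS:
            entry["send"] += 1
    return dict(summary)


def suspicious(summary, min_setup=2):
    """Principals that ran several distinct setup calls and then sent mail.

    A principal that only sends from an already-configured identity (an
    established campaign) is not flagged; that is the documented false positive.
    """
    return sorted(p for p, s in summary.items()
                  if len(set(s["setup"])) >= min_setup and s["send"] > 0)


def report(summary, principal):
    """One-line investigator summary: what was set up, from where, with or without MFA."""
    s = summary[principal]
    return (f"{principal}: setup={sorted(set(s['setup']))} sends={s['send']} "
            f"ips={sorted(s['ips'])} mfa={s['mfa']} "
            f"window={s['first']:%Y-%m-%dT%H:%M}..{s['last']:%Y-%m-%dT%H:%M}")


# Constructed CloudTrail-style records (account id, ARNs and IPs are placeholders).
def _rec(name, arn, ip, when, mfa="false"):
    return {"eventSource": "ses.amazonaws.com", "eventName": name, "eventTime": when,
            "sourceIPAddress": ip,
            "userIdentity": {"type": "IAMUser", "arn": arn,
                             "sessionContext": {"attributes": {"mfaAuthenticated": mfa}}}}


BAD = "arn:aws:iam::123456789012:user/compromised-user"
OK = "arn:aws:iam::123456789012:user/marketing-sender"
SAMPLE_TRAIL = json.dumps({"Records": [
    _rec("VerifyEmailIdentity", BAD, "198.51.100.7", "2024-05-01T02:11:03Z"),
    _rec("UpdateAccountSendingEnabled", BAD, "198.51.100.7", "2024-05-01T02:12:40Z"),
    _rec("PutAccountDetails", BAD, "198.51.100.7", "2024-05-01T02:13:05Z"),
    _rec("SendRawEmail", BAD, "198.51.100.7", "2024-05-01T02:20:00Z"),
    _rec("SendRawEmail", BAD, "198.51.100.7", "2024-05-01T02:20:01Z"),
    _rec("SendEmail", OK, "203.0.113.9", "2024-05-01T09:00:00Z", mfa="true"),
    _rec("SendEmail", OK, "203.0.113.9", "2024-05-01T09:00:02Z", mfa="true"),
    {"eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
     "eventTime": "2024-05-01T09:05:00Z", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"arn": OK}},
]})


def sample_records():
    """Parse the constructed trail the way a CloudTrail object from S3 is parsed."""
    return json.loads(SAMPLE_TRAIL)["Records"]


if __name__ == "__main__":
    summ = triage(sample_records())
    for p in suspicious(summ):
        print(report(summ, p))
```

Run it against the `Records` array of the real CloudTrail objects covering the alert's time window; the flagged principal's summary gives the first things the remediation step asks for (which account, whether MFA was used, from which source IPs, and how quickly setup turned into sending) before deciding whether to rotate that principal's credentials.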