Crimson Collective

Researchers at Rapid7 said the Crimson Collective has been exploiting exposed AWS credentials to create privileged IAM users, export database and storage snapshots for exfiltration, and issue extortion demands; AWS recommended using short‑term, least‑privileged credentials and provided remediation guidance.