// Alert

AWS threat report

// AWSMEDIUM

Unit 42 researchers documented active attack techniques where threat actors disable or manipulate AWS CloudTrail logging to evade detection. Attackers can invoke the CloudTrail StopLogging API, delete log storage destinations, manipulate KMS encryption keys to render logs inaccessible, or redirect logs to attacker-controlled environments for persistent visibility. Organizations should enforce strict access controls on logging resources and leverage immutable log features.

// Get alerts for AWS