Public Cloud Security Breaches Documenting their mistakes so you don't make them.
Posts with the tag IMDSv1:

UNC2903

Mandiant identified a new threat actor, UNC2903, attempting to harvest and abuse credentials using Amazon’s Instance Metadata Service (IMDS). Mandiant observed that UNC2903 scanned the internet for a particular vulnerability and utilized a relay box to carry out exploitation and related IMDSv1 abuse.