IOC Radar
TLP:WHITE3 IOCs

Hackers Use Cloned AWS Console Login Pages to Capture MFA Codes and Replay Credentials

CP
Cyber Press
Published June 25, 2026Original Report

Diamond Model

SOCIAL AXISTECHNOLOGY AXISADVERSARYunknownINFRASTRUCTUREaws-central.us-west-l…aws.us-west-login.comaws.us-east-prod.comCAPABILITYunknownVICTIMunknown
Adversary
Infrastructure(3)
Capability
Victim

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

Indicators of Compromise3

TypeIndicatorConfidenceScoreFirst Seen
Domainaws-central.us-west-login.com
intel-blognetworkphishing
High
58
Jun 25, 26
Domainaws.us-west-login.com
intel-blognetworkphishing
High
58
Jun 25, 26
Domainaws.us-east-prod.com
intel-blognetworkphishing
High
58
Jun 25, 26

IOC Relationship Graph

IOC Relationship Graph3 total IOCs
Domain
Domain3REPORTHackers Use Cloned AWS Con
scroll to zoom · drag to pan · click IOC to open