A threat actor being tracked as “Hazy Hawk” has been found to be using a new version of an attack vector to take control of abandoned cloud resources. The attacker is using these hijacked domains to send users to malware-infected sites, scam pages, and other shady websites for malicious activity. Victims of Hazy Hawk so far include federal and regional government entities around the globe, various universities, healthcare companies, the U.S. Center for Disease Control and Prevention (CDC), and other large corporations such as Deloitte. Interestingly, the malicious actor is not using the domains for espionage, but instead to send them to other scam applications.

Read more: https://www.darkreading.com/cloud-security/hazy-hawk-cybercrime-gang-cloud-resources