
Hackers Use Cloned AWS Console Login Pages to Capture MFA Codes and Replay Credentials
Between June 16 and 19, 2026, Datadog Security Research uncovered a highly targeted phishing campaign aimed at Amazon Web Services (AWS) users. Threat actors deployed sophisticated adversary-in-the-middle (AiTM) techniques to steal login credentials and capture multi-factor authentication (MFA) codes in real time. The attackers targeted a curated list of fewer than 50 individuals, primarily software […]
The post Hackers Use Cloned AWS Console Login Pages to Capture MFA Codes and Replay Credentials appeared first on Cyber Security News.