
The AWS security blog confirms that the attacker gained access to a write token and abused it to inject the malicious prompt. This confirms our earlier findings.

In fact, this token gave the attacker write access to AWS Toolkit, IDE Extension and Amazon Q.

The blog also details that the attacker gained access by exploiting a vulnerability in CodeBuild and using a memory dump to grab the tokens. That confirms our suspicion.

A key question remains – how did the attacker compromise this token?

Evidence is getting deleted fast

Our earlier findings were based on analysis of GH Archive and the GitHub user lkmanka58. GH Archive gives us commit SHAs. GitHub never forgets SHAs, so we can always look at a commit’s code even if the branch or tag gets deleted. In our case, this was instrumental in finding and analyzing (1) the stability tag where the attacker hid the prompt payload, and (2) lkmanka58’s prior activity.
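To show how commit SHAs and tag creations are pulled out of GH Archive so they can be pinned before a branch, tag or user disappears, here is an added example that is not part of the original post. The events, actor, repo, SHAs and timestamps below are constructed; only the event field names (`type`, `actor.login`, `repo.name`, `payload.commits[].sha`, `payload.head`, `payload.ref_type`) follow the real GH Archive schema.

```python
import json

# Constructed GH Archive records (NDJSON, one event per line) with made-up actor,
# repo, SHAs and timestamps; real hourly dumps from https://data.gharchive.org/
# are gzipped files of the same shape.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"type": "PushEvent", "actor": {"login": "example-actor"},
     "repo": {"name": "example-org/example-repo"},
     "created_at": "2025-06-13T10:00:00Z",
     "payload": {"ref": "refs/heads/main", "head": "b" * 40,
                 "commits": [{"sha": "a" * 40, "message": "first"}]}},
    {"type": "CreateEvent", "actor": {"login": "example-actor"},
     "repo": {"name": "example-org/example-repo"},
     "created_at": "2025-06-13T10:05:00Z",
     "payload": {"ref": "stability", "ref_type": "tag"}},
    {"type": "WatchEvent", "actor": {"login": "someone-else"},  # unrelated noise
     "repo": {"name": "example-org/example-repo"},
     "created_at": "2025-06-13T11:00:00Z", "payload": {"action": "started"}},
])


def permanent_refs(ndjson, actor=None, repo=None):
    """Return (commit_urls, tags) for events matching actor and/or repo.
    GitHub still serves a commit by SHA after the branch, tag or user that
    pushed it is deleted, so these URLs stay usable as evidence.
    """
    commit_urls, tags, seen = [], [], set()
    for line in ndjson.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        name = ev.get("repo", {}).get("name", "")
        if actor and ev.get("actor", {}).get("login") != actor:
            continue
        if repo and name != repo:
            continue
        payload = ev.get("payload", {})
        if ev.get("type") == "PushEvent":
            # GH Archive truncates the commit list at 20 entries, so also keep
            # the head SHA, which always identifies the tip of the push.
            shas = [c["sha"] for c in payload.get("commits", [])]
            if payload.get("head"):
                shas.append(payload["head"])
            for sha in shas:
                if (name, sha) not in seen:
                    seen.add((name, sha))
                    commit_urls.append(f"https://github.com/{name}/commit/{sha}")
        elif ev.get("type") == "CreateEvent" and payload.get("ref_type") == "tag":
            tags.append((name, payload["ref"], ev.get("created_at")))
    return commit_urls, tags
```

Run it against a real hourly dump by decompressing the file and passing its text as `ndjson`; the returned URLs can be fetched and archived while they still resolve.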

On that second point:

Since the user lkmanka58 is now deleted along with their repos, we can no longer look at the code of this repo. Fortunately, I looked at it yesterday before it got deleted. On June 13th lkmanka58 created a repo lkmanka58/code_whisperer playing around with aws-actions/configure-aws-credentials@v4 trying to assume role arn:aws:iam::975050122078:role/code_whisperer.

GH Archive reveals three push events to lkmanka58's now-deleted repository

This led me down this goose chase. Before you go on, please know that this thread doesn’t end with any new and meaningful information. Just more open threads. I’m sharing this hoping that others can join in pulling on them.


In the post below:

I discover a new GitHub user Frank97Tyler who had suspicious interactions with the aws repo in early June. The user and all of their interactions were deleted. I go on a scavenger hunt. It results in an auto-generated outlook email, indication of use of codespaces, and no indication of compromise.

Activity Analysis of Deleted PRs To AWS VSCode Toolkit.
