AWS - ECS Persistence
ECS
For more information check:
Hidden Periodic ECS Task
TODO: Test
An attacker can create a hidden periodic ECS task by using Amazon EventBridge to schedule a malicious task. The task can perform reconnaissance, exfiltrate data, or maintain persistence in the AWS account.
Backdoor Container in Existing ECS Task Definition
TODO: Test
An attacker can add a stealthy backdoor container to an existing ECS task definition so that it runs alongside the legitimate containers. The backdoor container can be used for persistence and to perform malicious activities.
Undocumented ECS Service
TODO: Test
An attacker can create an undocumented ECS service that runs a malicious task. By setting the desired number of tasks to a minimum and disabling logging, it becomes harder for administrators to notice the malicious service.
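As an added defensive example (not part of the original page), the three techniques above can be checked for by comparing ECS and EventBridge state against a known inventory. The functions take dicts shaped like the boto3 responses of `describe_task_definition`, `describe_services`, `list_rules` and `list_targets_by_rule`; the function names, the approved-name sets and every sample value are assumptions constructed for illustration.

```python
# Added example. Inputs mirror boto3 response shapes; every value is constructed.
def added_containers(prev_td, new_td):
    """Container names present in new_td but absent from the previous revision."""
    known = {c["name"] for c in prev_td["containerDefinitions"]}
    return [c["name"] for c in new_td["containerDefinitions"] if c["name"] not in known]

def unlogged_containers(td):
    """Containers with no logConfiguration, so nothing reaches the log backend."""
    return [c["name"] for c in td["containerDefinitions"] if not c.get("logConfiguration")]

def scheduled_ecs_targets(rules, targets_by_rule, approved_rules):
    """(rule, task definition ARN) for scheduled rules outside the inventory that run ECS tasks."""
    hits = []
    for rule in rules:
        if rule["Name"] in approved_rules or not rule.get("ScheduleExpression"):
            continue
        for target in targets_by_rule.get(rule["Name"], []):
            if "EcsParameters" in target:
                hits.append((rule["Name"], target["EcsParameters"]["TaskDefinitionArn"]))
    return hits

def unknown_services(services, task_defs, approved_services):
    """Services outside the inventory, with desiredCount and their unlogged containers."""
    return [(s["serviceName"], s["desiredCount"],
             unlogged_containers(task_defs[s["taskDefinition"]]))
            for s in services if s["serviceName"] not in approved_services]

# --- constructed sample data (account 111122223333 is a placeholder) ---
ARN = "arn:aws:ecs:us-east-1:111122223333:task-definition/"
LOG = {"logDriver": "awslogs"}
TASK_DEFS = {
    ARN + "web:7": {"containerDefinitions": [{"name": "app", "logConfiguration": LOG}]},
    ARN + "web:8": {"containerDefinitions": [{"name": "app", "logConfiguration": LOG},
                                             {"name": "metrics-helper"}]},
    ARN + "batch:1": {"containerDefinitions": [{"name": "job"}]},
}
RULES = [{"Name": "nightly-report", "ScheduleExpression": "cron(0 3 * * ? *)"},
         {"Name": "sync-cache", "ScheduleExpression": "rate(1 hour)"}]
TARGETS = {"nightly-report": [{"Id": "1", "EcsParameters": {"TaskDefinitionArn": ARN + "web:7"}}],
           "sync-cache": [{"Id": "1", "EcsParameters": {"TaskDefinitionArn": ARN + "batch:1"}}]}
SERVICES = [{"serviceName": "web", "desiredCount": 4, "taskDefinition": ARN + "web:8"},
            {"serviceName": "helper", "desiredCount": 1, "taskDefinition": ARN + "batch:1"}]

if __name__ == "__main__":
    print(added_containers(TASK_DEFS[ARN + "web:7"], TASK_DEFS[ARN + "web:8"]))
    print(scheduled_ecs_targets(RULES, TARGETS, approved_rules={"nightly-report"}))
    print(unknown_services(SERVICES, TASK_DEFS, approved_services={"web"}))
```

Against a live account the same dicts would come from the corresponding boto3 calls, with the approved sets exported from infrastructure-as-code state.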