Fortinet researchers detail TruffleNet, a distributed campaign abusing AWS SES with stolen credentials and Portainer-managed hosts.

Adversaries automate reconnaissance with TruffleHog, query APIs like GetSendQuota and CreateEmailIdentity, then run BEC scams using DKIM keys from compromised WordPress domains.

Identity compromise continues to outpace cloud defenses - behavioral analytics, IAM hygiene, and API-level monitoring are critical.

How are you detecting credential-based abuse that looks “legit”?

#CloudSecurity #TruffleNet #AWS #SES #ThreatIntel #BEC #IdentityAbuse #ZeroTrust #CyberSecurity #TechNadu