
AWS Domain Attack Takes Down Kodex Global's Law Enforcement Platform

AWS' domain management system exploited in a sophisticated attack. Kodex Global's platform, used by law enforcement and tech giants, was taken down for hours.


AWS, the domain registrar for Kodex Global, was targeted in a social engineering attack that temporarily disabled the software platform used by law enforcement agencies and major tech companies worldwide. The incident occurred on October 1, affecting services for over four hours.

The attacks, which also targeted organizations in South America and Greece, exploited a vulnerability in AWS' systems. The attackers managed to convince AWS to freeze Kodex's domain, taking down the company's website, portal, API, and some email services. The outage lasted from 08:54 to 12:47 EDT.

Kodex Global, which manages subpoenas and data requests for over 15,000 government agencies and tech giants like AT&T, Binance, and OpenAI, issued a warning mere hours before the attack about compromised domains. However, the identity of the attackers remains unknown. An AWS spokesperson confirmed the issue was resolved once they were alerted.

Had the attack been more successful, the consequences could have included interception of Kodex's emails or control of accounts with access to MFA resets. Fortunately, Kodex Global reported that no customer data was accessed and that the company itself was not breached. The attackers also attempted to transfer Kodex's domain to a different registrar.

The incident serves as a reminder of the potential vulnerabilities in domain management systems and the importance of robust security measures. Kodex Global and AWS have both assured users that the issue has been resolved, and no customer data was compromised. However, the investigation into the attack's origins continues.
