A new report from Elastic details how threat actors are abusing Amazon Web Services (AWS) Simple Notification Service (SNS) for malicious activities, including data exfiltration and phishing campaigns. The research, born from an internal collaboration involving the use of SNS for data exfiltration in a whitebox exercise, sheds light on potential abuse techniques and detection opportunities.

‍