Defending Against JavaGhost: Securing Your Cloud Environments

Defending Against JavaGhost: Preventing Abuse of Your Cloud Environments for Cyber Attacks 🎙️ Margaret Kelley, Principal Consultant, Palo Alto Networks Unit 42 📍 Presented at SANS CloudSecNext Summit 2025 Over the last 3 years, Unit 42 has performed multiple investigations relating to the threat actor group "JavaGhost," which targeted organizations’ AWS environments. This group utilizes stolen access keys to gain entry into the victim environment, establishes advanced persistence and then sets up their own infrastructure to continue their attacks against further victims. As a result, victims then foot the bill for this infrastructure and causes a reputational and legal headache. This presentation will cover common methodologies which JavaGhost uses to create their phishing infrastructure in addition to tactics employed within compromised cloud environments to establish long-term persistence. Lastly, we will discuss a comprehensive approach to detecting and preventing this form of attack from happening to your organization’s AWS environment. #JavaGhost #CloudSecurity #AWSSecurity