jinen83's comments

I am Jinen, founder of DronaHQ. We are converging low code and vibe code, but very, very differently than most other platforms like Retool/ToolJet.

We bring the power of vibe code -- build anything frontend -- and marry it to the advantages of low code -- SSO, RBAC, etc.

I would love your feedback.


This is helpful. I will look for the logs.

Also some more observations below:

1) Some 20 organisations were created within our Root, all with email IDs with the same domain (co.jp).
2) The attacker had created multiple Fargate templates.
3) They created resources in 16-17 AWS regions.
4) They requested SES and AWS Fargate Resource Rate Quota Changes, and SageMaker Notebook maintenance - we have no need of using these instances (received an email from AWS for all of this).
5) In some of the emails I started seeing a new name added (random name @outlook.com).
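As an added example (not part of this thread, and not DronaHQ's or AWS's code), here is a Python triage script that surfaces the indicators listed above from CloudTrail records: Organizations accounts created under the root, Fargate (ECS) task definitions registered, activity spread across many regions, Service Quotas increase requests and SageMaker notebook creation. The eventSource/eventName values are real CloudTrail ones; the sample records, the example.co.jp domain, the actor ARN, the quota code placeholder and the alert thresholds are constructed assumptions for the example.

```python
"""CloudTrail triage for the compromise indicators described above (added example)."""
import json
from collections import Counter, defaultdict

# Real CloudTrail eventSource/eventName pairs mapped to a short finding label.
WATCHED_EVENTS = {
    ("organizations.amazonaws.com", "CreateAccount"): "org_account_created",
    ("ecs.amazonaws.com", "RegisterTaskDefinition"): "ecs_task_definition",
    ("servicequotas.amazonaws.com", "RequestServiceQuotaIncrease"): "quota_increase",
    ("sagemaker.amazonaws.com", "CreateNotebookInstance"): "sagemaker_notebook",
    ("iam.amazonaws.com", "CreateAccessKey"): "iam_access_key",
}


def summarize(events, region_threshold=5, domain_threshold=3):
    """Walk CloudTrail records and return findings plus human-readable alerts.

    region_threshold / domain_threshold are assumed values chosen for this
    example; tune them to what is normal for your own account.
    """
    findings = defaultdict(list)
    regions = Counter()
    actors = Counter()
    domains = Counter()
    for ev in events:
        actor = (ev.get("userIdentity") or {}).get("arn", "unknown")
        regions[ev.get("awsRegion", "?")] += 1
        actors[actor] += 1
        label = WATCHED_EVENTS.get((ev.get("eventSource"), ev.get("eventName")))
        if label is None:
            continue
        params = ev.get("requestParameters") or {}
        findings[label].append({"time": ev.get("eventTime"), "region": ev.get("awsRegion"),
                                "actor": actor, "params": params})
        # Many new member accounts sharing one mail domain is the pattern the
        # poster saw (the "co.jp" accounts created under their root).
        if label == "org_account_created" and "email" in params:
            domains[params["email"].rsplit("@", 1)[-1].lower()] += 1

    alerts = []
    if len(regions) >= region_threshold:
        alerts.append(f"activity in {len(regions)} regions")
    for domain, n in sorted(domains.items()):
        if n >= domain_threshold:
            alerts.append(f"{n} org accounts created with @{domain} emails")
    for label, entries in findings.items():
        alerts.append(f"{len(entries)} x {label}")
    return {"findings": dict(findings), "regions": dict(regions),
            "actors": dict(actors), "domains": dict(domains), "alerts": alerts}


def fetch_events(regions, start, end):
    """Pull real records with boto3 (optional; needs AWS credentials, not run here)."""
    import boto3  # imported lazily so the constructed sample below runs without boto3
    for region in regions:
        client = boto3.client("cloudtrail", region_name=region)
        for page in client.get_paginator("lookup_events").paginate(StartTime=start, EndTime=end):
            for item in page["Events"]:
                yield json.loads(item["CloudTrailEvent"])


def _rec(source, name, region, params=None, time="2024-11-26T03:00:00Z",
         actor="arn:aws:iam::111122223333:user/leaked-ci-key"):  # constructed ARN
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    return {"eventSource": source, "eventName": name, "awsRegion": region,
            "eventTime": time, "userIdentity": {"arn": actor},
            "requestParameters": params or {}}


# Constructed sample records modelled on the observations in the comment above.
SAMPLE_EVENTS = [
    _rec("organizations.amazonaws.com", "CreateAccount", "us-east-1",
         {"accountName": f"prod-{i}", "email": f"ops{i}@example.co.jp"})
    for i in range(4)
] + [
    _rec("ecs.amazonaws.com", "RegisterTaskDefinition", "eu-west-1", {"family": "batch-job"}),
    _rec("ecs.amazonaws.com", "RegisterTaskDefinition", "ap-northeast-1", {"family": "batch-job"}),
    _rec("servicequotas.amazonaws.com", "RequestServiceQuotaIncrease", "sa-east-1",
         {"serviceCode": "fargate", "quotaCode": "L-PLACEHOLDER", "desiredValue": 1000.0}),
    _rec("sagemaker.amazonaws.com", "CreateNotebookInstance", "us-west-2",
         {"notebookInstanceName": "nb-1", "instanceType": "ml.p3.2xlarge"}),
    _rec("ec2.amazonaws.com", "DescribeInstances", "ca-central-1"),  # benign noise
]

if __name__ == "__main__":
    for line in summarize(SAMPLE_EVENTS)["alerts"]:
        print(line)
```

Run against real data by feeding `fetch_events(...)` into `summarize`; the actor counter is what tells you which key or role to revoke first, and a CreateAccount burst under the management account is worth checking even when the region count looks normal.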


It does sound like you've been compromised by an outfit that has got automation to run these types of activities across compromised accounts. A Reddit post[0] from 3 years ago seems to indicate similar activities.

Do what you can to triage and see what's happened. But I would strongly recommend getting a professional outfit in ASAP to remediate (if you have insurance, notify them of the incident as well - often they'll be able to offer services to support remediation), as well as notifying AWS that an incident has occurred.

[0] https://www.reddit.com/r/aws/comments/119admy/300k_bill_afte...


I am from the same team & I can concur with what you are saying. I did see a warning about the same key that was used in today's exploit about 2 years ago from some random person in an email, but there was no exploitation till yesterday.


This is it. I had the same thing happen to me a year ago and there was a month between the original access to our system and the attack. And similarly they waited until a perceived lull in what might be org diligence (just prior to thanksgiving) to attack.


haha


I am founder of DronaHQ - a low code platform. Interestingly, today we launched an AI capability to build internal tools with AI in beta. The idea here is to marry the power of LLMs and the underlying low code platform to get to the end state even faster.

But I do see the merit in the thinking that LLMs can eat LCNC platforms for breakfast. However, I am excited to see how, with time, near-perfect applications can be churned out with about 80-90% of the work done, and engineers can figure out the last few miles and reach the finish line 50x faster.


I would argue that's an LLM spec --> generate probabilistic output with a degree of confidence on the output nearing p(1). IMHO end users are supposed to not take the output of these machines as is, but rather iterate on top and finish their task in less time.


Big update: Slack support tells me it's their bug and they have opened a ticket with their billing team.


Quick update:

It seems one additional user was added and that payment failed because the credit card had expired. This made them downgrade the plan for about 80+ users in our account. It is their policy.

It seems egregious to me. What are your thoughts?


Could you share how exactly it affected you? Also, can't you re-initiate the payment collection and go back to the previous plan?


Pricing is always tricky. One pricing model never fits all use cases. So we have worked hard to offer pricing options like usage-based pricing / dev-based pricing in addition to user-based pricing.

Was curious to apply your use case and see if our pricing model maximises ROI.

Disclaimer: I am co-founder at a Retool alternative platform for building internal tools and enterprise apps.


Founder of DronaHQ here - a Retool alternative. Would love it if you could include us as well in your list, unless it's just a list of open source.


Will add! For what it's worth, it's just my own internal list of tools in this space.

I have a few dozen such lists, I'll review one or two of them when building new things in a specific domain that might benefit from such tooling.

No requirement for open source, but I call it out explicitly in my notes since I do mostly use open source/self-hostable tooling, especially when working with nonprofits.


Thanks.

