{"id":48662,"date":"2026-07-06T18:29:38","date_gmt":"2026-07-06T16:29:38","guid":{"rendered":"https:\/\/www.cloudmagazin.com\/?p=48662"},"modified":"2026-07-07T18:28:31","modified_gmt":"2026-07-07T16:28:31","slug":"eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all","status":"publish","type":"post","link":"https:\/\/www.cloudmagazin.com\/en\/2026\/07\/06\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\/","title":{"rendered":"Eight Minutes to AWS Admin: How an Open S3 Bucket and an Admin Lambda Were All It Took"},"content":{"rendered":"<p style=\"color:#0bb7fd;font-size:0.9em;margin:0 0 16px;padding:0;\">6 min read<\/p>\n<p><strong>On 28 November 2025 an attacker took over an entire AWS account in eight minutes-from the first stolen access key to full administrator privileges. The incident was documented by the security team at Sysdig. What makes it explosive is the speed: an AI handled reconnaissance and script generation in real time. The entry point itself was a well-known configuration error.<\/strong><\/p>\n<h2>Key Takeaways<\/h2>\n<ul>\n<li><strong>Eight minutes to admin:<\/strong> According to Sysdig, an attacker compromised an AWS account in under ten minutes. Starting with stolen keys from an open S3 bucket, they escalated to a self-created admin user.<\/li>\n<li><strong>The flaw sat in the config:<\/strong> A Lambda function carried an execution role with administrator rights. Anyone who could rewrite the function inherited those rights-no new exploit required.<\/li>\n<li><strong>The AI was the turbocharger:<\/strong> It wrote attack code and explored the account in real time. Mandiant still cites a 14-day industry median for attacks. The eight-minute case is the exception, enabled by very specific conditions.<\/li>\n<\/ul>\n<p style=\"font-size:0.88em;color:#666;margin:20px 0 32px 0;border-top:1px solid #e5e5e5;border-bottom:1px solid #e5e5e5;padding:10px 0;\"><span style=\"font-family:'SF Mono','Monaco','Consolas',monospace;color:#0879aa;font-weight:700;text-transform:uppercase;font-size:0.72em;letter-spacing:0.14em;margin-right:14px;\">Related:<\/span>How an Argo CD flaw opens the entire Kubernetes cluster&nbsp;&nbsp;<span style=\"color:#ccc;\">\/<\/span>&nbsp;&nbsp;<a href=\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/28\/aws-and-azure-under-eu-scrutiny-the-lock-in-is-wobbling\/\" style=\"color:#333;text-decoration:underline;\">AWS and Azure under EU supervision<\/a><\/p>\n<h2 style=\"margin-top:64px;margin-bottom:20px;padding-top:16px;\">From open S3 bucket to admin key in eight minutes<\/h2>\n<p>The entry point was wide open. A publicly accessible S3 bucket held training data for an AI system, including valid access keys for an IAM user. That user had limited rights, but one permission was enough: it could modify the code of a specific Lambda function named EC2-init. Attached to the function was an execution role with administrator privileges.<\/p>\n<p>From there, everything moved at lightning speed. The attacker rewrote the function, triggered it to generate fresh access keys for a new admin user called \u201cfrick,\u201d and read the results straight from the function\u2019s response-no external server, no reverse shell. Next, they accessed 19 different AWS identities, created a second backdoor admin, and layered multiple persistence mechanisms.<\/p>\n<p>Then the bill arrived. Using the Amazon Bedrock AI service, the attacker invoked third-party language models at the victim\u2019s expense. At the same time, they spun up a GPU instance costing roughly \u20ac30 per hour to train their own models. AWS terminated the instance after five minutes due to capacity limits. The giveaway? Serbian comments and invented AWS account numbers in the code revealed that a language model had been co-authoring the attack.<\/p>\n<div class=\"evm-stat-highlight\" style=\"text-align:center;background:#004a59;border-radius:12px;padding:40px 24px;margin:32px 0;\">\n<div style=\"font-size:48px;font-weight:700;color:#0bb7fd;letter-spacing:-0.03em;line-height:1;\">8 minutes<\/div>\n<div style=\"font-size:15px;color:#fff;margin-top:12px;max-width:460px;margin-left:auto;margin-right:auto;line-height:1.5;\">is all it took the observed attack to escalate from a stolen key to full administrator access-an outlier scenario made possible by long-lived keys and an admin role bolted onto the wrong function.<\/div>\n<div style=\"font-size:12px;color:#0bb7fd;margin-top:12px;\">Source: Sysdig Threat Research Team, incident of 28 November 2025<\/div>\n<\/div>\n<h2 style=\"margin-top:64px;margin-bottom:20px;padding-top:16px;\">No Zero-Day, but a Chain of Known Flaws<\/h2>\n<p>The eight-minute figure sounds like a break from everything we know about cloud security. A closer look at the attack path shows the opposite. No unknown vulnerability, no AI-specific exploit. Each step exploited a documented misconfiguration.<\/p>\n<p>Long-lived access keys sat in a public bucket. A Lambda execution role carried admin rights it never needed. A weakly permissioned user could overwrite foreign function code. These three flaws together formed the chain. Each on its own has been known for years and is listed in every AWS hardening guide.<\/p>\n<p>The AI accelerated and automated the attack. It did not enable it. Anyone reading this case as proof that AI makes the cloud unsafe misses the real cause-and with it the place where defense works. The cause is fixable, entirely without AI countermeasures.<\/p>\n<h2 style=\"margin-top:64px;margin-bottom:20px;padding-top:16px;\">Why the Eight-Minute Figure Misleads<\/h2>\n<p>A second data point puts things in perspective. Google\u2019s security unit Mandiant analyzes hundreds of thousands of incident-response hours every year. In the M-Trends 2026 report dated March 23, one sentence contradicts the panic: \u201cDo not view 2025 as the year attacks originated directly from AI.\u201d<\/p>\n<p>The numbers back that up. The median dwell time of an attacker inside a network rose to 14 days in 2025, up from 11 the year before. In 52 percent of cases, companies discovered the breach themselves first. Exploited vulnerabilities remain the most common entry point at 32 percent, for the sixth year running. Most attacks still unfold on the scale of days and weeks.<\/p>\n<p>The eight-minute case is real, but it is the outlier, not the new normal. It only moved that fast because the conditions were perfect. For defenders, that\u2019s the good news: remove those conditions and you remove the foundation of a fast attack.<\/p>\n<h2 style=\"margin-top:64px;margin-bottom:20px;padding-top:16px;\">Five Steps to Harden AWS Accounts Now<\/h2>\n<p>No vendor patch fixes this because the issue lies in the setup. That\u2019s exactly where it can be fixed. The order is sorted by impact.<\/p>\n<ol>\n<li style=\"margin-bottom:10px;\"><strong>Eliminate long-lived keys.<\/strong> Replace permanent IAM keys with short-lived roles and temporary credentials as standard practice. A leaked key that expires after an hour no longer opens any doors.<\/li>\n<li style=\"margin-bottom:10px;\"><strong>Separate admin from execution roles.<\/strong> No Lambda function needs admin rights to do its job. Give each execution role exactly the permissions its function requires, no more.<\/li>\n<li style=\"margin-bottom:10px;\"><strong>Find public buckets.<\/strong> S3 buckets holding training data often end up exposed by accident. Regular scans for open buckets and any credentials inside them close the most common entry point.<\/li>\n<li style=\"margin-bottom:10px;\"><strong>Guard Bedrock with guardrails.<\/strong> Service Control Policies limit who can even launch expensive AI services and GPU instances. That caps the damage if an account is ever compromised.<\/li>\n<li><strong>Monitor runtime behavior.<\/strong> New admin users, unfamiliar Bedrock calls, and suddenly launched GPU instances are clear signals. Seeing them in real time lets you stop the attack mid-run.<\/li>\n<\/ol>\n<h2 style=\"margin-top:64px;margin-bottom:20px;padding-top:16px;\">Misconfiguration versus hardened setup<\/h2>\n<p>The difference between an eight-minute account compromise and a secure environment is not a new tool. It comes down to default settings that teams must know and enforce.<\/p>\n<div style=\"overflow-x:auto;-webkit-overflow-scrolling:touch;margin:16px 0 32px 0;\">\n<table style=\"width:100%;min-width:560px;border-collapse:collapse;font-size:0.95em;\">\n<thead>\n<tr style=\"background:#004a59;color:#fff;\">\n<th style=\"padding:12px 16px;text-align:left;border:1px solid #004a59;\">Aspect<\/th>\n<th style=\"padding:12px 16px;text-align:left;border:1px solid #004a59;\">The vulnerable case<\/th>\n<th style=\"padding:12px 16px;text-align:left;border:1px solid #004a59;\">Hardened setup<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"padding:12px 16px;border:1px solid #ddd;\"><strong>Access keys<\/strong><\/td>\n<td style=\"padding:12px 16px;border:1px solid #ddd;\">long-lived, stored in an open bucket<\/td>\n<td style=\"padding:12px 16px;border:1px solid #ddd;color:#004a59;font-weight:600;\">short-lived roles<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:12px 16px;border:1px solid #ddd;\"><strong>Lambda execution role<\/strong><\/td>\n<td style=\"padding:12px 16px;border:1px solid #ddd;\">administrator privileges<\/td>\n<td style=\"padding:12px 16px;border:1px solid #ddd;color:#004a59;font-weight:600;\">only functional rights<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:12px 16px;border:1px solid #ddd;\"><strong>S3 buckets<\/strong><\/td>\n<td style=\"padding:12px 16px;border:1px solid #ddd;\">public with credentials<\/td>\n<td style=\"padding:12px 16px;border:1px solid #ddd;color:#004a59;font-weight:600;\">private, regularly scanned<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:12px 16px;border:1px solid #ddd;\"><strong>Impact of a leaked key<\/strong><\/td>\n<td style=\"padding:12px 16px;border:1px solid #ddd;\">direct path to account admin<\/td>\n<td style=\"padding:12px 16px;border:1px solid #ddd;color:#004a59;font-weight:600;\">worthless after one hour<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h2 style=\"margin-top:64px;margin-bottom:20px;padding-top:16px;\">What teams should take away from the incident<\/h2>\n<p>The fuss over the eight minutes distracts from the real finding: the attack succeeded because basic hygiene was missing. Short-lived credentials, sparingly assigned roles, and a quick scan of open buckets would have broken the chain at every link. These measures are old, unglamorous, and effective.<\/p>\n<p>One detail should jolt defenders awake. Sysdig warns that the tell-tale AI traces in code will soon vanish. Better agents write no Cyrillic comments and invent no account numbers. The window in which an AI-assisted attack can be spotted in the code is closing. What remains is hardening that already slows every step of such an attack today.<\/p>\n<h2 style=\"padding-top:64px;margin-bottom:20px;\">Frequently Asked Questions<\/h2>\n<details>\n<summary><strong>What is LLMjacking?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">In LLMjacking, attackers hijack stolen cloud access to run expensive language models via services like Amazon Bedrock. The victim foots the bill. In the Sysdig case, the intruder tapped into third-party models and spun up an additional GPU instance at someone else\u2019s expense.<\/p>\n<\/details>\n<details>\n<summary><strong>Does the eight-minute figure come from Google or GTIG?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">No. The specific eight-minute incident was reported by Sysdig\u2019s security team. Google\u2019s Mandiant M-Trends 2026 report provides context, citing a median dwell time of 14 days. Together, the two sources paint the full picture.<\/p>\n<\/details>\n<details>\n<summary><strong>Was a previously unknown vulnerability involved?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">No. The attack relied solely on misconfigurations: long-lived keys in an open S3 bucket and a Lambda execution role with admin privileges. No zero-day was exploited, and no patch is required.<\/p>\n<\/details>\n<details>\n<summary><strong>What\u2019s the fastest defensive move?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">Replace long-lived IAM keys with short-lived roles and never grant an execution role admin rights. That removes both the entry point and the path to admin observed in the attack.<\/p>\n<\/details>\n<div style=\"margin:40px 0;padding:0;border-top:2px solid #004a59;\">\n<p style=\"margin:0;padding:16px 0 8px 0;font-size:0.78em;font-weight:700;text-transform:uppercase;letter-spacing:0.18em;color:#004a59;\">Editor\u2019s Reading Picks<\/p>\n<ul style=\"list-style:none;margin:0;padding:0;\">\n<li style=\"padding:10px 0;border-bottom:1px solid #eee;\"><a href=\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/29\/kritis-in-the-cloud-what-secures-the-migration\/\" style=\"color:#1a1a1a;text-decoration:none;\">Critical Infrastructure in the Cloud: What Secures the Migration<\/a><\/li>\n<li style=\"padding:10px 0;border-bottom:1px solid #eee;\"><a href=\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/24\/ingress-nginx-is-discontinued-the-path-to-gateway-api\/\" style=\"color:#1a1a1a;text-decoration:none;\">Ingress-NGINX End of Life: The Path to Gateway API<\/a><\/li>\n<li style=\"padding:10px 0;\"><a href=\"https:\/\/www.cloudmagazin.com\/en\/2026\/06\/26\/finops-realistically-reducing-cloud-costs-by-30-percent\/\" style=\"color:#1a1a1a;text-decoration:none;\">FinOps: Realistically Cut Multi-Cloud Costs by 30 Percent<\/a><\/li>\n<\/ul>\n<\/div>\n<div style=\"margin:40px 0 24px 0;\">\n<p style=\"margin:0 0 12px 0;font-size:0.78em;font-weight:700;text-transform:uppercase;letter-spacing:0.18em;color:#666;\">More from the MBF Media Network<\/p>\n<div style=\"padding:14px 18px;border-left:3px solid #69d8ed;background:#fafafa;margin-bottom:6px;\">\n<div style=\"font-size:0.7em;font-weight:700;color:#69d8ed;text-transform:uppercase;letter-spacing:0.12em;margin-bottom:4px;\">securitytoday<\/div>\n<p><a href=\"https:\/\/www.securitytoday.de\/2026\/07\/02\/state-of-vulnerabilities-report-2026-schwachstellen-tempo\/\" style=\"font-weight:600;line-height:1.4;color:#1a1a1a;text-decoration:none;\">When Attackers Outpace the Patch<\/a><\/p>\n<\/div>\n<div style=\"padding:14px 18px;border-left:3px solid #202528;background:#fafafa;margin-bottom:6px;\">\n<div style=\"font-size:0.7em;font-weight:700;color:#202528;text-transform:uppercase;letter-spacing:0.12em;margin-bottom:4px;\">mybusinessfuture<\/div>\n<p><a href=\"https:\/\/mybusinessfuture.com\/die-ki-aufsicht-in-deutschland-hat-jetzt-eine-adresse\/\" style=\"font-weight:600;line-height:1.4;color:#1a1a1a;text-decoration:none;\">Germany\u2019s AI Oversight Authority Now Has an Address<\/a><\/p>\n<\/div>\n<div style=\"padding:14px 18px;border-left:3px solid #d65663;background:#fafafa;\">\n<div style=\"font-size:0.7em;font-weight:700;color:#d65663;text-transform:uppercase;letter-spacing:0.12em;margin-bottom:4px;\">digital-chiefs<\/div>\n<p><a href=\"https:\/\/www.digital-chiefs.de\/hyperscaler-ai-capex-cio-cloud-budget-strategie\/\" style=\"font-weight:600;line-height:1.4;color:#1a1a1a;text-decoration:none;\">The Hyperscalers\u2019 Billion-Dollar Bet and Your Cloud Budget Strategy<\/a><\/p>\n<\/div>\n<\/div>\n<p style=\"text-align:right;font-style:italic;color:#666;\"><em>Image source: AI-generated (July 2026)<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"An attacker took over an AWS account in eight minutes, according to Sysdig. The path led through an open S3 bucket and a Lambda role with admin rights.","protected":false},"author":31,"featured_media":48484,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_yoast_wpseo_meta-robots-noindex":"","_yoast_wpseo_meta-robots-nofollow":"","_yoast_wpseo_meta-robots-adv":"","_yoast_wpseo_canonical":"","_yoast_wpseo_opengraph-title":"","_yoast_wpseo_opengraph-description":"","_yoast_wpseo_opengraph-image":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/07\/aws-admin-acht-minuten-s3-bucket-lambda-cover-hero-1.jpg","_yoast_wpseo_opengraph-image-id":0,"_yoast_wpseo_twitter-title":"","_yoast_wpseo_twitter-description":"","_yoast_wpseo_twitter-image":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/07\/aws-admin-acht-minuten-s3-bucket-lambda-cover-hero-1.jpg","_yoast_wpseo_twitter-image-id":0,"pre_headline":"","bildquelle":"","teasertext":"","language":"de","_evm_translation_lang":"","featured_post":0,"featured_post_sortierung":0,"_wp_old_slug":[],"footnotes":""},"categories":[964],"tags":[],"industry":[],"class_list":["post-48662","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security"],"evm_reading_time_minutes":8,"wpml_language":"en","wpml_translation_of":48476,"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Eight Minutes to AWS Admin: How an Open S3 Bucket and an Admin Lambda Were All It Took<\/title>\n<meta name=\"description\" content=\"AI-accelerated cloud attacks in 8 minutes: What the Sysdig case reveals and how teams can harden defenses now.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cloudmagazin.com\/en\/2026\/07\/06\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Eight Minutes to AWS Admin: How an Open S3 Bucket and an Admin Lambda Were All It Took\" \/>\n<meta property=\"og:description\" content=\"AI-accelerated cloud attacks in 8 minutes: What the Sysdig case reveals and how teams can harden defenses now.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cloudmagazin.com\/en\/2026\/07\/06\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\/\" \/>\n<meta property=\"og:site_name\" content=\"cloudmagazin\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cloudmagazincom\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-06T16:29:38+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-07-07T16:28:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/07\/aws-admin-acht-minuten-s3-bucket-lambda-cover-hero-1.jpg\" \/>\n<meta name=\"author\" content=\"Alec Chizhik\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/07\/aws-admin-acht-minuten-s3-bucket-lambda-cover-hero-1.jpg\" \/>\n<meta name=\"twitter:creator\" content=\"@cloudmagazin\" \/>\n<meta name=\"twitter:site\" content=\"@cloudmagazin\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alec Chizhik\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/2026\\\/07\\\/06\\\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/2026\\\/07\\\/06\\\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\\\/\"},\"author\":{\"name\":\"Alec Chizhik\",\"@id\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/#\\\/schema\\\/person\\\/ce38baaa19a580268aedce096597eb3c\"},\"headline\":\"Eight Minutes to AWS Admin: How an Open S3 Bucket and an Admin Lambda Were All It Took\",\"datePublished\":\"2026-07-06T16:29:38+00:00\",\"dateModified\":\"2026-07-07T16:28:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/2026\\\/07\\\/06\\\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\\\/\"},\"wordCount\":1326,\"publisher\":{\"@id\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/2026\\\/07\\\/06\\\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.cloudmagazin.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/aws-admin-acht-minuten-s3-bucket-lambda-cover-hero-1.jpg\",\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/2026\\\/07\\\/06\\\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\\\/\",\"url\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/2026\\\/07\\\/06\\\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\\\/\",\"name\":\"Eight Minutes to AWS Admin: How an Open S3 Bucket and an Admin Lambda Were All It Took\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/2026\\\/07\\\/06\\\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/2026\\\/07\\\/06\\\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.cloudmagazin.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/aws-admin-acht-minuten-s3-bucket-lambda-cover-hero-1.jpg\",\"datePublished\":\"2026-07-06T16:29:38+00:00\",\"dateModified\":\"2026-07-07T16:28:31+00:00\",\"description\":\"AI-accelerated cloud attacks in 8 minutes: What the Sysdig case reveals and how teams can harden defenses now.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/2026\\\/07\\\/06\\\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/2026\\\/07\\\/06\\\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/2026\\\/07\\\/06\\\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.cloudmagazin.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/aws-admin-acht-minuten-s3-bucket-lambda-cover-hero-1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.cloudmagazin.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/aws-admin-acht-minuten-s3-bucket-lambda-cover-hero-1.jpg\",\"width\":1792,\"height\":1024,\"caption\":\"Clean flat textfree editorial infographic of a four-step cloud attack path, arranged left to right connected by clear arrows: (1) an open st\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/2026\\\/07\\\/06\\\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/home\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Eight Minutes to AWS Admin: How an Open S3 Bucket and an Admin Lambda Were All It Took\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/\",\"name\":\"cloudmagazin\",\"description\":\"Inspiration f\u00fcr Businessentscheider\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/#organization\",\"name\":\"cloudmagazin\",\"url\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.cloudmagazin.com\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/cloudmagazin-logo-klein_menu.jpg\",\"contentUrl\":\"https:\\\/\\\/www.cloudmagazin.com\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/cloudmagazin-logo-klein_menu.jpg\",\"width\":150,\"height\":150,\"caption\":\"cloudmagazin\"},\"image\":{\"@id\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/cloudmagazincom\\\/\",\"https:\\\/\\\/x.com\\\/cloudmagazin\",\"https:\\\/\\\/www.linkedin.com\\\/showcase\\\/cloudmagazin\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/#\\\/schema\\\/person\\\/ce38baaa19a580268aedce096597eb3c\",\"name\":\"Alec Chizhik\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.cloudmagazin.com\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/alec-chizhik.jpg\",\"url\":\"https:\\\/\\\/www.cloudmagazin.com\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/alec-chizhik.jpg\",\"contentUrl\":\"https:\\\/\\\/www.cloudmagazin.com\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/alec-chizhik.jpg\",\"caption\":\"Alec Chizhik\"},\"description\":\"Alec is the Chief Digital Officer at Evernine and writes about cloud architectures, IT security, and digital operations practices.\",\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/in\\\/alecchizhik\\\/\"],\"url\":\"https:\\\/\\\/www.cloudmagazin.com\\\/en\\\/author\\\/alec\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Eight Minutes to AWS Admin: How an Open S3 Bucket and an Admin Lambda Were All It Took","description":"AI-accelerated cloud attacks in 8 minutes: What the Sysdig case reveals and how teams can harden defenses now.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cloudmagazin.com\/en\/2026\/07\/06\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\/","og_locale":"en_US","og_type":"article","og_title":"Eight Minutes to AWS Admin: How an Open S3 Bucket and an Admin Lambda Were All It Took","og_description":"AI-accelerated cloud attacks in 8 minutes: What the Sysdig case reveals and how teams can harden defenses now.","og_url":"https:\/\/www.cloudmagazin.com\/en\/2026\/07\/06\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\/","og_site_name":"cloudmagazin","article_publisher":"https:\/\/www.facebook.com\/cloudmagazincom\/","article_published_time":"2026-07-06T16:29:38+00:00","article_modified_time":"2026-07-07T16:28:31+00:00","og_image":[{"url":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/07\/aws-admin-acht-minuten-s3-bucket-lambda-cover-hero-1.jpg","type":"","width":"","height":""}],"author":"Alec Chizhik","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/07\/aws-admin-acht-minuten-s3-bucket-lambda-cover-hero-1.jpg","twitter_creator":"@cloudmagazin","twitter_site":"@cloudmagazin","twitter_misc":{"Written by":"Alec Chizhik","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/www.cloudmagazin.com\/en\/2026\/07\/06\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\/#article","isPartOf":{"@id":"https:\/\/www.cloudmagazin.com\/en\/2026\/07\/06\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\/"},"author":{"name":"Alec Chizhik","@id":"https:\/\/www.cloudmagazin.com\/en\/#\/schema\/person\/ce38baaa19a580268aedce096597eb3c"},"headline":"Eight Minutes to AWS Admin: How an Open S3 Bucket and an Admin Lambda Were All It Took","datePublished":"2026-07-06T16:29:38+00:00","dateModified":"2026-07-07T16:28:31+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cloudmagazin.com\/en\/2026\/07\/06\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\/"},"wordCount":1326,"publisher":{"@id":"https:\/\/www.cloudmagazin.com\/en\/#organization"},"image":{"@id":"https:\/\/www.cloudmagazin.com\/en\/2026\/07\/06\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/07\/aws-admin-acht-minuten-s3-bucket-lambda-cover-hero-1.jpg","articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cloudmagazin.com\/en\/2026\/07\/06\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\/","url":"https:\/\/www.cloudmagazin.com\/en\/2026\/07\/06\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\/","name":"Eight Minutes to AWS Admin: How an Open S3 Bucket and an Admin Lambda Were All It Took","isPartOf":{"@id":"https:\/\/www.cloudmagazin.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cloudmagazin.com\/en\/2026\/07\/06\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\/#primaryimage"},"image":{"@id":"https:\/\/www.cloudmagazin.com\/en\/2026\/07\/06\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/07\/aws-admin-acht-minuten-s3-bucket-lambda-cover-hero-1.jpg","datePublished":"2026-07-06T16:29:38+00:00","dateModified":"2026-07-07T16:28:31+00:00","description":"AI-accelerated cloud attacks in 8 minutes: What the Sysdig case reveals and how teams can harden defenses now.","breadcrumb":{"@id":"https:\/\/www.cloudmagazin.com\/en\/2026\/07\/06\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cloudmagazin.com\/en\/2026\/07\/06\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cloudmagazin.com\/en\/2026\/07\/06\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\/#primaryimage","url":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/07\/aws-admin-acht-minuten-s3-bucket-lambda-cover-hero-1.jpg","contentUrl":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/07\/aws-admin-acht-minuten-s3-bucket-lambda-cover-hero-1.jpg","width":1792,"height":1024,"caption":"Clean flat textfree editorial infographic of a four-step cloud attack path, arranged left to right connected by clear arrows: (1) an open st"},{"@type":"BreadcrumbList","@id":"https:\/\/www.cloudmagazin.com\/en\/2026\/07\/06\/eight-minutes-to-aws-admin-how-an-open-s3-bucket-and-an-admin-lambda-were-all\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cloudmagazin.com\/en\/home\/"},{"@type":"ListItem","position":2,"name":"Eight Minutes to AWS Admin: How an Open S3 Bucket and an Admin Lambda Were All It Took"}]},{"@type":"WebSite","@id":"https:\/\/www.cloudmagazin.com\/en\/#website","url":"https:\/\/www.cloudmagazin.com\/en\/","name":"cloudmagazin","description":"Inspiration f\u00fcr Businessentscheider","publisher":{"@id":"https:\/\/www.cloudmagazin.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cloudmagazin.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cloudmagazin.com\/en\/#organization","name":"cloudmagazin","url":"https:\/\/www.cloudmagazin.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cloudmagazin.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2020\/04\/cloudmagazin-logo-klein_menu.jpg","contentUrl":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2020\/04\/cloudmagazin-logo-klein_menu.jpg","width":150,"height":150,"caption":"cloudmagazin"},"image":{"@id":"https:\/\/www.cloudmagazin.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/cloudmagazincom\/","https:\/\/x.com\/cloudmagazin","https:\/\/www.linkedin.com\/showcase\/cloudmagazin\/"]},{"@type":"Person","@id":"https:\/\/www.cloudmagazin.com\/en\/#\/schema\/person\/ce38baaa19a580268aedce096597eb3c","name":"Alec Chizhik","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/03\/alec-chizhik.jpg","url":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/03\/alec-chizhik.jpg","contentUrl":"https:\/\/www.cloudmagazin.com\/wp-content\/uploads\/2026\/03\/alec-chizhik.jpg","caption":"Alec Chizhik"},"description":"Alec is the Chief Digital Officer at Evernine and writes about cloud architectures, IT security, and digital operations practices.","sameAs":["https:\/\/www.linkedin.com\/in\/alecchizhik\/"],"url":"https:\/\/www.cloudmagazin.com\/en\/author\/alec\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/posts\/48662","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/users\/31"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/comments?post=48662"}],"version-history":[{"count":1,"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/posts\/48662\/revisions"}],"predecessor-version":[{"id":48663,"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/posts\/48662\/revisions\/48663"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/media\/48484"}],"wp:attachment":[{"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/media?parent=48662"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/categories?post=48662"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/tags?post=48662"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.cloudmagazin.com\/en\/wp-json\/wp\/v2\/industry?post=48662"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}