Researchers: Suspected North Korea-linked group used React2Shell, stole AWS credentials and private keys from staking platforms and ChainUp
first published 2026-03-09T07:19:05Z
Ctrl Alt Intel says a coordinated campaign exploited the React2Shell vulnerability to steal AWS credentials and access cloud environments. Attackers exfiltrated private keys, configuration data, source code, and Docker images tied to staking platforms and exchange providers such as ChainUp. Infrastructure was traced to a South Korea–based server; attribution is rated moderate and the origin of the compromised credentials is unknown.
AI Analysis
Ctrl Alt Intel reports a coordinated campaign that exploited React2Shell and stole AWS credentials to access cloud environments. Attackers exfiltrated private keys, configuration data, source code, and Docker images tied to staking platforms and exchange providers such as ChainUp. Infrastructure was traced to a South Korea–based server. Attribution is rated moderate, and the origin of the credentials is unknown. Those factual elements (credential theft and private-key exfiltration) support a negative sentiment and elevated impact.
Expected Investor Sentiment: Bearish
Potential Market Impact: Significant