It's not fun. I got hacked through an archived git repo from when I was learning to use AWS, following tutorials and whatnot.
Forgot about it for years, then out of nowhere got hit for 27k... Needless to say, I said good luck collecting that shit.
They waived it all, granted I logged in and deleted all resources that were running as well as removed all identities. Sure as hell I did that, and saw a ton of identities out in the middle of nowhere. Fucking hackers ran up a shit ton of AWS SageMaker resources, probably trying to hack some dude's wallet.
Every time I see a tutorial on how to deploy x in AWS, I get pissed. The newbies need to learn about administration before they start deploying shit on cloud infra.
I can precisely envision how easy this must have been to get away with for a while since it's super unclear which instances are running and what is doing what on AWS. I genuinely believe this is part of Amazon's revenue model, such that enterprises waste money on instances they just forget about.
By using the computing resources of others' servers to mine cryptocurrency, the cybercriminals can profit at the expense of the compromised organizations, whose CPU and GPU performance is degraded by the mining.