The CISA and the FBI issued a joint warning about the Androxgh0st malware botnet, indicating that threat actors are building a botnet network to extract cloud credentials. Threat actors were also observed using stolen AWS credentials to create new users and user policies on a vulnerable website. The agencies have released IOCs associated with the Androxgh0st malware operation and recommended mitigations.