The attack technique, dubbed “ECScape,” was discovered by researcher Naor Haziz while developing an eBPF-based monitoring tool for ECS workloads.
Haziz presented his findings at Black Hat USA 2025, demonstrating how a compromised container with low-privileged IAM roles can obtain the permissions of higher-privileged containers sharing the same host.
The ECScape technique exploits the way Amazon ECS delivers IAM credentials to containers.
In ECS on EC2, the control plane assumes each task’s IAM role and pushes those credentials to the ECS agent via a WebSocket connection.
The agent then serves these credentials to containers through a local metadata service at 169.254.170.2.
The attack begins when a malicious container accesses the EC2 instance’s metadata service (IMDS) to steal the host’s IAM role credentials.
Using these credentials, the attacker can impersonate the ECS agent by establishing a fake WebSocket connection to the ECS control plane with a “sendCredentials=true” parameter.
This allows the attacker to harvest IAM credentials for all tasks running on the same instance.
In a live demonstration, Haziz showed how an attacker-controlled container with no effective permissions successfully compromised sensitive resources by stealing credentials from co-located tasks.
The demonstration included accessing S3 buckets and extracting database secrets that should have been isolated from the malicious container.
The attack is particularly concerning because it leaves minimal detection traces.
AWS CloudTrail logs attribute API calls to the victim task’s legitimate role, making initial detection difficult since actions appear to originate from authorized tasks.
When reported through AWS’s coordinated disclosure program, Amazon determined that ECScape represents “working as designed” behavior rather than a vulnerability.
AWS maintains that containers sharing an EC2 instance are implicitly part of the same trust domain unless users enforce proper isolation.
However, AWS did update its documentation to explicitly warn that “tasks running on the same EC2 instance may potentially access credentials belonging to other tasks on that instance.”
The company now strongly recommends using AWS Fargate for stronger isolation and monitoring cross-task role usage via CloudTrail.
Security experts recommend several mitigation strategies: disabling or restricting IMDS access for containers, isolating high-privilege tasks on separate instances, implementing least-privilege IAM policies, and using AWS Fargate for workloads requiring strict isolation.
Organizations can also deploy monitoring solutions to detect unusual IAM role usage patterns that might indicate credential theft.
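The CloudTrail monitoring recommended above can be approximated with a per-role baseline check. The following is an added example, not code from the article or from AWS: it assumes a constructed inventory (placeholder account id, instance addresses and services) of which container instances are expected to present each task role and which AWS services that role legitimately calls, then flags records that fall outside it. Because credentials stolen on the same host are used from the same instance address, the source-IP check only catches off-host replay; the service baseline is what surfaces same-host misuse.

```python
# Constructed inventory (placeholder account id and IPs): which container-instance
# addresses are expected to present each task role, and which services it calls.
ROLE_INVENTORY = {
    "arn:aws:iam::111122223333:role/payments-task-role": {
        "instance_ips": {"10.0.1.10"},
        "event_sources": {"secretsmanager.amazonaws.com", "s3.amazonaws.com"},
    },
}

def issuer_role(record):
    """IAM role ARN behind an AssumedRole session, or None for other identities."""
    ident = record.get("userIdentity", {})
    if ident.get("type") != "AssumedRole":
        return None
    return ident.get("sessionContext", {}).get("sessionIssuer", {}).get("arn")

def check_record(record, inventory=ROLE_INVENTORY):
    """Findings for one CloudTrail record; empty list when it matches the baseline."""
    role = issuer_role(record)
    if role not in inventory:
        return []
    expected, findings = inventory[role], []
    src = record.get("sourceIPAddress")
    if src not in expected["instance_ips"]:
        # Stolen credentials replayed from outside the instances that host the role.
        findings.append(f"{role} used from unexpected source {src}")
    if record.get("eventSource") not in expected["event_sources"]:
        # Same-host misuse keeps the instance IP, so only the service baseline catches it.
        findings.append(f"{role} called {record['eventSource']}:{record['eventName']} outside baseline")
    return findings

def scan(records, inventory=ROLE_INVENTORY):
    return [(r["eventID"], f) for r in records for f in check_record(r, inventory)]

def _record(event_id, role, source, event_source, event_name):
    """Build an abbreviated CloudTrail record with the fields the checks read."""
    return {
        "eventID": event_id, "eventSource": event_source, "eventName": event_name,
        "sourceIPAddress": source,
        "userIdentity": {"type": "AssumedRole",
                         "sessionContext": {"sessionIssuer": {"arn": role}}},
    }

PAYMENTS = "arn:aws:iam::111122223333:role/payments-task-role"
SAMPLE_RECORDS = [  # constructed, not real CloudTrail output
    _record("e1", PAYMENTS, "10.0.1.10", "secretsmanager.amazonaws.com", "GetSecretValue"),
    _record("e2", PAYMENTS, "10.0.1.10", "iam.amazonaws.com", "ListRoles"),
    _record("e3", PAYMENTS, "203.0.113.7", "secretsmanager.amazonaws.com", "GetSecretValue"),
]

if __name__ == "__main__":
    for event_id, finding in scan(SAMPLE_RECORDS):
        print(event_id, finding)
```

In a real deployment the inventory would be built from the ECS API (task placement and task definitions) rather than hard-coded, and refreshed as tasks are rescheduled.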
The post Amazon ECScape Flaw Enables Cross-Task AWS Credential Theft via ECS Internal Protocol appeared first on Cyber Security News.