On 2024-10-31, an incident was reported, involving Volt Typhoon, APT31, APT41, gaining initial access via Unknown, while using SSM misconfiguration abuse, to achieve Data exfiltration. The following tools were observed: CloudSnooper, Onderon, Gh0st RAT.