The Register: Subpoena tracking platform blames outage on AWS social engineering attack

Oct 2, 2025

—

Source URL: https://www.theregister.com/2025/10/02/subpoena_tracking_platform_outage_blamed/
Source: The Register
Title: Subpoena tracking platform blames outage on AWS social engineering attack

Feedly Summary: Software maker Kodex said its domain registrar fell for a fraudulent legal order
A software platform used by law enforcement agencies and major tech companies to manage subpoenas and data requests went dark this week after attackers socially engineered AWS into freezing its domain.…

AI Summary and Description: Yes

**Summary:** The text highlights a cybersecurity incident involving the software platform Kodex, which faced a domain freeze due to social engineering attacks aimed at AWS. This situation emphasizes the vulnerabilities that domain registrars and cloud services can encounter, which is particularly relevant for professionals involved in cloud computing security and information security.

**Detailed Description:** The incident described illustrates significant security concerns surrounding the management of domains, especially in the context of an increasing reliance on cloud services and digital platforms for law enforcement and other organizations. Here are the major points elaborated:

– **Fraudulent Legal Order:** The domain registrar was misled by a fraudulent legal order, indicating a potential gap in verification processes for legal documents among service providers.

– **Social Engineering Attack:** Attackers employed social engineering tactics to manipulate AWS into taking action that ultimately hindered Kodex’s operations. This highlights the importance of training and vigilance against social engineering threats within organizations.

– **Impact on Law Enforcement and Tech Companies:** The fact that Kodex is used by law enforcement agencies raises concerns about the ripple effects of downtime or disrupted services in sensitive areas like law enforcement and data request management.

– **Cloud Service Vulnerabilities:** The incident serves as a case study for cloud computing security, pointing out that cloud service providers must enhance their protocols for authenticity and verification in handling legal documents and requests.

– **Role of Domain Registrars:** The incident reveals the critical role that domain registrars play in cybersecurity. It emphasizes a need for better security practices to prevent similar breaches that can affect the operational capacity of various platforms.

Overall, this incident underscores the imperative for organizations to adopt stronger security measures against social engineering, ensure robust due diligence processes, and foster a security culture that can help prevent such operational disruptions in the future.

1 10 2 2025 5 a Act after age AI Aker All and art as at ated attack attacker attackers attacks authenticity AWS Bi breach breaches by C capacity case study CERN CI CIA Cloud cloud computing cloud computing security cloud service cloud service providers cloud service vulnerabilities cloud services co Col companies Computing concerns Context core critical culture cyber cybersecurit Cybersecurity cybersecurity incident D data data request management data requests de digital digital platforms disruption document domain domain registrar domain registrars domains downtime due diligence e enforcement Engineer engineering event face fact for fraud free future g Gen GIS git H handling high Highlight HR http HTTPS impact in incident information information security io J k l Labor Lance law Law Enforcement led Legal legal order Li M man management measures Mila N o oE of on ons operation operational operational disruption operational disruptions operations opt organization organizations oS other out outage over per platform platforms play point potential practices pre pro process processes professionals protocol protocols ps Q R rack Raise rate RCE re red Ro Role RoT s sec security security concerns security culture security incident security measure security measures security practices service service provider service providers services Sig Sim size sizes SoC social social engineering social engineering attack social engineering attacks social engineering tactics software software platform source SSE study T tactics taking tech tech companies ted text the threat threats Time to TP tracking training UN under up US use uth V verification verification process verification processes vigilance vulnerabilities Ware Wi x z