A software platform used by law enforcement agencies and major tech companies to manage subpoenas and data requests went dark this week after attackers socially engineered AWS into freezing its domain.
Kodex Global said its website, portal, API, and some email services were unavailable on October 1 between 08:54 and 12:47 EDT. AWS is the domain registrar for Kodex Global.
While Kodex didn’t explicitly name AWS in its public update on the outage, cyber sleuths identified that attackers attempted to transfer the domain to a different registrar.
“While threat actors claimed responsibility for the disruption, ownership was never transferred; it was the registrar who improperly froze our domain as a result of the fraudulent legal order,” the company claimed.
“No credentials were compromised, no customer data was accessed, and Kodex itself was never breached. At no point did the threat actors have access to, or compromise the confidentiality of, customer data or internal systems.”
A spokesperson at AWS told The Register: “We quickly resolved the matter as soon as we were made aware of the error and are taking steps to ensure that it doesn’t happen again.”
Had the attackers been more successful, they could have intercepted Kodex’s emails, potentially accessing sensitive information, or taken control of accounts with access to MFA resets, among other things.
According to Kodex, its software is used by more than 15,000 government agencies worldwide, as well as a host of major tech companies, including AT&T, Binance, Bumble, Discord, Hinge, Match Group, OpenAI, Yahoo, and more.
Somewhat ironically, the social engineering attack that led to its outage came mere hours after Kodex issued a warning about law enforcement agencies and local governments that had also had their domains compromised.
The attacks targeted organizations in the US, various countries in South America, and Greece, according to a company LinkedIn post. ®