Attackers target the config file first to confirm they can read files from the system. If they can read config , they can likely read credentials . If those keys belong to a highly privileged user or the root account, the attacker can gain full control over the entire AWS environment. How the Attack Works
[profile dev] region = eu-west-2 output = table fetch-url-file-3A-2F-2F-2Froot-2F.aws-2Fconfig
: Details about the identity and permissions assigned to the server. Attackers target the config file first to confirm
This path seems to be referencing a configuration file for AWS (Amazon Web Services) located in a .aws directory. fetch-url-file-3A-2F-2F-2Froot-2F.aws-2Fconfig