Hackers can exploit exposed Amazon S3 buckets to carry out silent Man-in-the-Middle attacks or other hacks on a company’s customers or internal staff. One misconfigured S3 bucket is all it takes for hackers to replace files with malicious ones that they use for nefarious purposes. GhostWriter is a stealthy and hard to pick up, as it relies on the trust most organizations put in cloud providers. Attack is eerily similar to how Russian cyber-espionage group APT28 (DNC hackers) often replace legitimate files with malware-laced documents.
Source: https://www.bleepingcomputer.com/news/security/misconfigured-amazon-s3-buckets-expose-users-companies-to-stealthy-mitm-attacks/