“It started with a small billing spike… and ended with an AWS Abuse Report.” One morning, I noticed something unusual in my AWS billing dashboard. At first glance, it didn’t look huge — around $20 . But something felt off. ⚠️ The Red Flag When I checked deeper: Most charges were from data transfer Traffic originated from ap-south-1 (Mumbai) Data was being sent to Middle East (Bahrain) region And the scary part… 👉 This activity happened at night — when I wasn’t even using AWS 💣 Then Came the Real Shock During the same time window… I received an AWS Abuse Report email . It said: My EC2 instance was involved in suspicious activity Possibly Denial of Service (DoS)-like behavior AWS warned my environment might be compromised 👉 That’s when it was clear: This wasn’t just billing. This was an active compromise.…