Hello everybody. Hope you’re doing great.
I noticed an abnormal billing increase in the SNS service. Looks like a “hacking” because billing shows thousands of SMS’s to France
I noticed all the Cloudwatch logs and I got even the number where the subscription was made
Cloudtrail just shows which user had the sns permissions, which services used sns but does not show why the SMS were sent to France or how.
How could I get more insights regarding this issue?