AWS S3 is abused by UNC6692 as payload staging and C2 infrastructure, with malicious traffic routed through attacker-controlled S3 buckets to blend with legitimate cloud service egress from enterprise networks. No AWS platform vulnerability is involved; the risk is infrastructure abuse of legitimately provisioned or misconfigured S3 resources. Organizations without S3 data event logging enabled in CloudTrail and without outbound S3 traffic baselines are detection-blind to this C2 channel.