This article describes a hacker operation, which used a compromised AWS API Key. Found out, there are SES rights assigned to it. Managed to send a blast through many regions at once, later also requesting production access programmatically with a ticket request.
That got granted - AWS wasn’t suspicious enough in that case. A later increase of sending limites got refused, but it was already enough volume for the spam operation.