PCPJack seized 230 cloud servers for a covert SMTP network

Colleagues, a cybersecurity alert: PCPJack compromised 230 AWS, Google Cloud and Azure instances and turned them into a covert SMTP relay network.
Hunt.io recovered source code, binaries and Sliver C2 configurations, and found exposed C2 directories. Each compromised host was tested for its ability to relay mail, and the operators' proxy list was re-synchronized every 5 minutes.
Indicators: a hidden binary at /var/tmp/.xs, Chisel tunnels, SOCKS5 listeners on deterministic (predictable) ports, and Sliver beacons.
Recommendations: audit your cloud instances, monitor outbound SMTP (ports 25, 465 and 587) from hosts that have no business sending mail, hunt for persistence (cron jobs, systemd units, hidden files in staging directories such as /var/tmp), block unexpected Chisel tunnels and SCP transfers, and rotate any credentials the affected hosts held.
Why it matters: attackers abuse cloud resources for large-scale mail sending, which puts the account owner's IP reputation and the integrity of the affected infrastructure at risk.
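A host triage script for the indicators and recommendations above, added here as an example; it is not Hunt.io's tooling or any PCPJack artifact. The staging-directory list (/var/tmp, /tmp, /dev/shm), the cron and systemd locations, and the sample evidence (SAMPLE_SS, SAMPLE_CRON, the files created by make_sample_evidence) are my assumptions and constructed data, not captured from a real incident. Each check reads from an argument or stdin, so the same functions run against a live host or against evidence copied off a suspect instance.

```shell
#!/bin/sh
# Added triage example for the post's indicators: hidden binary under /var/tmp,
# outbound SMTP, Chisel/SOCKS5 listeners, cron/systemd persistence.
# Not Hunt.io's code; staging dirs, paths and sample evidence are assumptions.

# 1. Hidden executables (dot-named regular files with the owner exec bit, -perm -100)
#    near the top of a staging directory such as /var/tmp, e.g. /var/tmp/.xs.
find_hidden_execs() {
    find "$1" -maxdepth 2 -type f -name '.*' -perm -100 2>/dev/null
}

# 2. Established outbound connections to SMTP ports in `ss -tnp` output.
#    Columns: State Recv-Q Send-Q Local:Port Peer:Port Process.
flag_outbound_smtp() {
    awk '$1 == "ESTAB" && $5 ~ /:(25|465|587)$/'
}

# 3. Listeners in `ss -ltnp` output owned by a chisel process or by a dot-named
#    binary: a Chisel-forwarded SOCKS5 port or a hidden relay agent shows up this way.
flag_suspect_listeners() {
    awk '$1 == "LISTEN" && ($0 ~ /"chisel"/ || $0 ~ /users:\(\("\./)'
}

# 4. Non-comment cron lines that run something out of a world-writable staging dir.
flag_cron_persistence() {
    awk '!/^[[:space:]]*#/ && /(\/var\/tmp|\/tmp|\/dev\/shm)\//'
}

# 5. systemd unit files whose ExecStart points into a staging dir; prints the unit path.
flag_systemd_persistence() {
    for unit in "$1"/*.service; do
        [ -f "$unit" ] && grep -q -E '^ExecStart=.*(/var/tmp|/tmp|/dev/shm)/' "$unit" && echo "$unit"
    done
    return 0
}

# Live run against the usual Linux locations (assumed; adjust for your distribution).
hunt_live() {
    echo "== hidden executables under /var/tmp"; find_hidden_execs /var/tmp
    echo "== outbound SMTP";       ss -tnp  | flag_outbound_smtp
    echo "== suspect listeners";   ss -ltnp | flag_suspect_listeners
    echo "== cron persistence";    cat /etc/crontab /etc/cron.d/* /var/spool/cron/crontabs/* /var/spool/cron/* 2>/dev/null | flag_cron_persistence
    echo "== systemd persistence"; flag_systemd_persistence /etc/systemd/system
}

# Constructed evidence (not from a real incident) so the checks can be exercised offline.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port  Process
ESTAB  0      0      10.0.0.5:41234     203.0.113.7:25     users:(("python3",pid=4101,fd=3))
ESTAB  0      0      10.0.0.5:51002     198.51.100.2:443   users:(("curl",pid=77,fd=5))
LISTEN 0      128    127.0.0.1:1080     0.0.0.0:*          users:(("chisel",pid=3312,fd=7))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*          users:(("sshd",pid=611,fd=3))'

SAMPLE_CRON='# m h dom mon dow command
*/5 * * * * /var/tmp/.xs --sync
0 3 * * * /usr/bin/apt-get update'

make_sample_evidence() {
    dir=$(mktemp -d)
    mkdir -p "$dir/var_tmp" "$dir/systemd"
    printf '#!/bin/sh\n' > "$dir/var_tmp/.xs" && chmod 755 "$dir/var_tmp/.xs"
    printf 'notes\n' > "$dir/var_tmp/README"        # visible and non-executable: must not fire
    printf '[Service]\nExecStart=/var/tmp/.xs\n' > "$dir/systemd/sync.service"
    printf '[Service]\nExecStart=/usr/sbin/sshd -D\n' > "$dir/systemd/ssh.service"
    echo "$dir"
}

case "${1:-}" in
    --live) hunt_live ;;
    --demo)
        ev=$(make_sample_evidence)
        echo "== hidden executables"; find_hidden_execs "$ev/var_tmp"
        echo "== outbound SMTP";      printf '%s\n' "$SAMPLE_SS"   | flag_outbound_smtp
        echo "== suspect listeners";  printf '%s\n' "$SAMPLE_SS"   | flag_suspect_listeners
        echo "== cron persistence";   printf '%s\n' "$SAMPLE_CRON" | flag_cron_persistence
        echo "== systemd persistence"; flag_systemd_persistence "$ev/systemd"
        rm -rf "$ev" ;;
esac
```

Run it with --demo to see the constructed sample trip each check, or with --live on a suspect instance. The checks are deliberately narrow (a visible, non-executable file or a listener owned by sshd does not fire); widen the staging-directory list and the SMTP port set to match your own environment, and treat any hit as a lead for a full review of the host, not as proof on its own.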
What measures do you prioritise?
#cybersecurity #cloud #incident #SMTP
