VMTech
VMTECH · INSTAGRAM

PCPJack seized 230 cloud servers for a covert SMTP network


Colleagues, a cybersecurity alert: PCPJack converted 230 AWS, Google Cloud and Azure instances into a covert SMTP relay network.

Hunt.io recovered source code, binaries, Sliver configurations and exposed C2 directories. Compromised hosts were probed for relay capability, and the proxy list was synchronized every 5 minutes.

Indicators: hidden binary in /var/tmp/.xs, Chisel tunnels, deterministic SOCKS5 ports and Sliver beacons.

Recommendations: audit cloud instances, monitor outbound SMTP, hunt for persistence (cron/systemd, hidden files), block Chisel/SCP traffic and rotate credentials.
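One way to run the hidden-file, persistence and outbound-SMTP checks recommended above, as an added example (not code from this post or from Hunt.io). Only `/var/tmp/.xs` and Chisel come from the alert; the cron/systemd paths, the port set 25/465/587 and the allowed-MTA regex are assumptions to adapt per host.

```shell
#!/bin/sh
# Added triage sketch for the indicators above; not code from Hunt.io or VMTech.

# Path named in the alert (file or directory), plus other executable dotfiles in /var/tmp.
# $1 = filesystem root: "/" on a live host, or a mounted snapshot for offline review.
find_hidden_tmp() {
    root=${1%/}
    if [ -e "$root/var/tmp/.xs" ]; then echo "IOC $root/var/tmp/.xs"; fi
    find "$root/var/tmp" -maxdepth 1 -type f -name '.*' -perm -100 2>/dev/null |
        grep -v '/\.xs$' | sed 's/^/SUSPECT /'
}

# Cron and systemd entries that start a dotfile from /var/tmp or mention chisel.
find_persistence() {
    root=${1%/}
    for d in etc/crontab etc/cron.d var/spool/cron etc/systemd/system; do
        [ -e "$root/$d" ] || continue
        grep -rnHE '/var/tmp/\.|chisel' "$root/$d" 2>/dev/null || true
    done | sed 's/^/PERSIST /'
}

# Outbound SMTP: reads `ss -Htnp` output on stdin and reports established
# connections to ports 25/465/587 whose owning process is not an allowed MTA.
# $1 = regex of allowed process names (site-specific assumption, e.g. 'smtp|exim4').
find_outbound_smtp() {
    awk -v allow="$1" '
        $1 == "ESTAB" {
            n = split($5, peer, ":"); port = peer[n] + 0
            if (port != 25 && port != 465 && port != 587) next
            proc = "unknown"
            if (match($0, /users:\(\("[^"]+"/))
                proc = substr($0, RSTART + 9, RLENGTH - 10)
            if (allow == "" || proc !~ ("^(" allow ")$"))
                print "SMTP " $4 " -> " $5 " " proc
        }'
}

# Constructed sample of `ss -Htnp` output (documentation addresses, invented PIDs).
SAMPLE_SS='ESTAB 0 0 10.0.0.5:48212 203.0.113.9:25 users:(("xs",pid=4121,fd=7))
ESTAB 0 0 10.0.0.5:51000 198.51.100.7:587 users:(("smtp",pid=900,fd=12))
ESTAB 0 0 10.0.0.5:40022 192.0.2.10:443 users:(("curl",pid=77,fd=5))'

if [ "${HUNT_LIVE:-0}" = 1 ]; then   # live host: HUNT_LIVE=1 sh hunt.sh (as root)
    find_hidden_tmp /; find_persistence /
    ss -Htnp | find_outbound_smtp "${ALLOWED_MTA:-}"
else                                 # default: offline demo on the sample above
    printf '%s\n' "$SAMPLE_SS" | find_outbound_smtp 'smtp|exim4'
fi
```

A process-name allowlist is only a first filter, since a binary can be named like the MTA; confirm hits against the executable path behind the PID.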

Why it matters: attackers abuse cloud resources for large-scale messaging, which poses reputational and infrastructure security risks.

What measures do you prioritise?
#cybersecurity #cloud #incident #SMTP
