Security News > 2023 > August > Attackers can turn AWS SSM agents into remote access trojans
2023-08-02 12:59
Mitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud (EC2) instances (virtual servers), as well as to non-EC2 machines (e.g., on-premises enterprise servers and virtual machines, and VMs in other cloud environments). The success of this “living off the land” technique hinges on: Attackers gaining initial access to the machine (e.g., by exploiting an unpatched vulnerability on a public-facing instance/server), and The presence … More → The post Attackers can turn AWS SSM agents into remote access trojans appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2023/08/02/aws-instances-attackers-access/
Related news
- QakBot-Linked BC Malware Adds Enhanced Remote Access and Data Gathering Features (source)
- Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access (source)
- Kimsuky hackers use new custom RDP Wrapper for remote access (source)
- New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution (source)