Security News > 2023 > August > Attackers can turn AWS SSM agents into remote access trojans

Mitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud (EC2) instances (virtual servers), as well as to non-EC2 machines (e.g., on-premises enterprise servers and virtual machines, and VMs in other cloud environments). The success of this “living off the land” technique hinges on: Attackers gaining initial access to the machine (e.g., by exploiting an unpatched vulnerability on a public-facing instance/server), and The presence … More → The post Attackers can turn AWS SSM agents into remote access trojans appeared first on Help Net Security.

News URL

https://www.helpnetsecurity.com/2023/08/02/aws-instances-attackers-access/