top of page
ALL POSTS
PCPJack: How Attackers Hijacked 230 Cloud Servers for Covert Email Relay
Key Findings Threat actor PCPJack compromised 230 cloud servers across AWS, Google Cloud, and Microsoft Azure and converted them into covert SMTP relay proxies Complete toolkit, source code, and live command-and-control configuration were accidentally exposed in an unauthenticated directory on a C2 server The operation used Sliver C2 framework combined with Chisel tunneling to create a self-healing, monitored email relay network that synced verified proxies every five minutes
Jun 53 min read
Cloud Under Siege: P2Pinfect Botnet Threats Targeting Kubernetes Infrastructure
Key Findings FortiGuard Labs identified persistent P2Pinfect botnet activity within Google Kubernetes Engine clusters targeting multiple enterprise clients One network compromise persisted for six months, demonstrating advanced operational dedication Initial infections originated from exposed Redis instances requiring no complex exploitation, only basic misconfigurations P2Pinfect uses peer-to-peer mesh architecture written in Rust, eliminating single points of failure and de
May 253 min read
European Commission Data Breach: ShinyHunters Claims 350GB Hack of AWS Cloud Infrastructure
Key Findings ShinyHunters claims to have breached European Commission systems and stolen over 350GB of data Alleged data includes mail server dumps, databases, confidential documents, and contracts The European Commission confirmed detecting a cyberattack on March 24 affecting cloud infrastructure hosting Europa.eu websites Internal systems were not compromised according to the Commission's investigation AWS denies any security incident occurred within its cloud environment N
Mar 283 min read
Voidlink Malware Raises High Alert for Cloud Systems with Custom-Built Attacks
VoidLink Malware Puts Cloud Systems on High Alert With Custom Built Attacks Summary Key Points: VoidLink is a highly adaptable threat targeting cloud environments Discovered by Check Point Research in January 2026 and reported by Hackread.com This Chinese-developed framework is designed to infiltrate critical business infrastructure Background VoidLink is a malware that has been putting cloud environments on high alert. It was first brought to light by Check Point Research on
Jan 222 min read
Exposed: Amazon's Years-Long Cyber Campaign against GRU Targeting Energy and Cloud Infrastructure
Key Findings Amazon's threat intelligence team has disclosed details of a "years-long" Russian state-sponsored campaign that targeted Western critical infrastructure between 2021 and 2025. The activity has been attributed with high confidence to Russia's Main Intelligence Directorate (GRU), citing infrastructure overlaps with APT44, also known as FROZENBARENTS, Sandworm, Seashell Blizzard, and Voodoo Bear. The campaign targeted energy sector organizations across Western natio
Dec 17, 20252 min read
bottom of page
