Rootkit in the Cloud: Hacker Group Breaches AWS Servers
1 min read
Mar 05, 2020
A sophisticated hacker group pwned Amazon Web Services (AWS) servers, set up a rootkit that let them remotely control servers, then merrily funnelled sensitive corporate data home to its command and control (C2) servers from a range of compromised Windows and Linux machines inside an AWS data centre.
That’s according to a report from the UK’s Sophos published late last week, which has raised eyebrows and questions in the security industry. The attackers neatly sidestepped AWS security groups (SGs); which, when correctly configured, act as a security perimeter for associated Amazon EC2 instances.
The unnamed target of this attack had correctly tuned their SGs. But with a rootkit installed on their AWS servers that gave attackers remote access, the compromised Linux system was still listening for inbound connections on ports 2080/TCP and 2053/TCP: something that eventually triggered Sophos’ intervention.
The link for this article located at CBR Online is no longer available.
Related Articles
1 - 0 min read
Tails 6.2 Improves Security, Expands Multilingual Support
1 - 0 min read
Linux vs. Windows: A Critical Look at Desktop Choices
1 - 0 min read
Spectre V2: A New Threat to Linux Systems
