Rootkit in the Cloud: Hacker Group Breaches AWS Servers


A sophisticated hacker group pwned Amazon Web Services (AWS) servers, set up a rootkit that let them remotely control servers, then merrily funnelled sensitive corporate data home to its command and control (C2) servers from a range of compromised Windows and Linux machines inside an AWS data centre.

That’s according to a report from the UK’s Sophos published late last week, which has raised eyebrows and questions in the security industry. The attackers neatly sidestepped AWS security groups (SGs), which, when correctly configured, act as a security perimeter for associated Amazon EC2 instances.

The unnamed target of this attack had correctly tuned their SGs. But with a rootkit installed on their AWS servers that gave attackers remote access, the compromised Linux system was still listening for inbound connections on ports 2080/TCP and 2053/TCP: something that eventually triggered Sophos’ intervention.
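A security group filters traffic at the instance boundary, so it says nothing about what the host itself is listening on. The following is an added example (not code from the Sophos report or from this article) of the kind of host-side check that surfaces a listener nobody provisioned: it compares the listening TCP sockets on a Linux host against an allow-list of expected ports. The allow-list and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening TCP ports that are not on a host's allow-list.
# Not from the Sophos report or the article; the allow-list and sample data
# below are assumptions made for illustration.

# Ports this host is expected to listen on (assumed for the example).
ALLOWED_PORTS="22 80 443"

# Constructed sample in the shape of `ss -Hltn` output, one socket per line:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
# The last two lines mimic the unexpected listeners described in the article.
SAMPLE_SS_OUTPUT='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:2080 0.0.0.0:*
LISTEN 0 128 [::]:2053 [::]:*'

# Read ss-style lines on stdin and print the local port of each LISTEN socket.
# The port is the text after the last ':' so IPv6 brackets are handled too.
listening_ports() {
    awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# $1 is the space-separated allow-list; stdin is ss-style output.
# Prints every listening port that is not on the allow-list, one per line.
unexpected_ports() {
    allowed="$1"
    listening_ports | while read -r port; do
        case " $allowed " in
            *" $port "*) ;;                 # expected listener, stay quiet
            *) printf '%s\n' "$port" ;;     # unexpected listener: report it
        esac
    done
}

# Run the check against the constructed sample. On a real host, replace the
# printf with:  ss -Hltn | unexpected_ports "$ALLOWED_PORTS"
audit_sample() {
    printf '%s\n' "$SAMPLE_SS_OUTPUT" | unexpected_ports "$ALLOWED_PORTS"
}

audit_sample
```

Run periodically (cron or a config-management check), the non-empty output is the signal worth alerting on: a process bound to a port that is not in the build baseline, regardless of whether the security group currently lets anyone reach it.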

The link for this article located at CBR Online is no longer available.
