Skip to main content

Rootkit in the Cloud: Hacker Group Breaches AWS Servers

posted onMarch 4, 2020
by l33tdawg
CBR Online
Credit: CBR Online

A sophisticated hacker group pwned Amazon Web Services (AWS) servers, set up a rootkit that let them remotely control servers, then merrily funnelled sensitive corporate data home to its command and control (C2) servers from a range of compromised Windows and Linux machines inside an AWS data centre.

That’s according to a report from the UK’s Sophos published late last week, which has raised eyebrows and questions in the security industry. The attackers neatly sidestepped AWS security groups (SGs); which, when correctly configured, act as a security perimeter for associated Amazon EC2 instances.

The unnamed target of this attack had correctly tuned their SGs. But the compromised Linux system was still listening for inbound connections on ports 2080/TCP and 2053/TCP: something that eventually triggered alerts, and Sophos’ intervention. Sophos was at pains to emphasise that while this particular attack targeted AWS servers, it was “not an AWS problem per se. It represents a method of piggybacking C2 traffic on a legitimate traffic… in a way that can bypass many, if not most, firewalls.”

Source

Tags

Security

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th