SiliconAngle reports that Amazon Web Services' System Manager Agent for DevOps could be exploited as an integrated remote access trojan for Windows and Linux systems through a novel post-exploitation attack, which facilitates communications between an endpoint agent and an attacker-owned AWS account.
Windows and Linux machines running the SSM Agent could be compromised by attackers with command execution permissions to enable the deployment of backdoors and trojans for persistence and endpoint takeovers, according to a Mitiga report. Threat actors could then leverage such access to facilitate data theft, filesystem encryption, cryptomining activities, and further network endpoint infections, said researchers.
Further details on determining the ongoing operation of malicious agents, as well as detecting illicit communications between the SSM Agent and a threat actor-controlled AWS account have also been provided by researchers, who have already provided the AWS security team with the findings of their report.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news