Mitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud (EC2) instances (virtual servers), as well as to non-EC2 machines (e.g., on-premises enterprise servers and virtual machines, and VMs in other cloud environments). The success of this “living off the land” technique hinges on: Attackers gaining initial access to the machine (e.g., by exploiting an unpatched vulnerability on a public-facing instance/server), and The presence … More

The post Attackers can turn AWS SSM agents into remote access trojans appeared first on Help Net Security.