PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
Briefly

“The toolset harvests credentials from cloud, container, developer, productivity, and financial services, then exfiltrates the data through attacker-controlled infrastructure while attempting to spread to additional hosts,” SentinelOne security researcher Alex Delamotte said in a report published today.
“PCPJack is specifically designed to target cloud services like Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web applications, allowing the operators to spread in a worm-like fashion, as well as move laterally within the compromised networks.”
“It's assessed that the end goal of the cloud attack campaign is to generate illicit revenue for the threat actors through credential theft, fraud, spam, extortion, or resale of stolen access.”
“The starting point of the attack is a bootstrap shell script that's used to prepare the environment - such as configuring the payload host - and download next-stage tooling, while simultaneously taking steps to infect its own infrastructure, terminate and remove processes or artifacts that are associated with TeamPCP, install Python,”
PCPJack is a credential theft framework targeting exposed cloud infrastructure and vulnerable services. It harvests credentials from cloud, container, developer, productivity, and financial services, then exfiltrates data through attacker-controlled infrastructure while attempting to spread to additional hosts. The framework targets cloud technologies including Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web applications. It supports worm-like propagation and lateral movement within compromised networks. The campaign goal is assessed to be illicit revenue generation through credential theft, fraud, spam, extortion, or resale of stolen access. PCPJack overlaps in targeting with TeamPCP, but it lacks a cryptocurrency mining component. The initial infection uses a bootstrap shell script to prepare the environment, configure the payload host, download next-stage tooling, and remove TeamPCP-related artifacts while installing Python.
Read at The Hacker News