MEDIUMVulnerability
Global

PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network

·Source: The Hacker News

Updated:

Executive Summary

The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay network. "Compromised business servers across the U.S., Europe, and Asia were quietly converted into SMTP proxies, verified for mail relay capability, and synced to a downstream consumer every five minutes," Hunt.io said in

Analysis

The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay network. "Compromised business servers across the U.S., Europe, and Asia were quietly converted into SMTP proxies, verified for mail relay capability, and synced to a downstream consumer every five minutes," Hunt.io said in

Indicators of Compromise (1)

Domain (1)
Hunt.io
VirusTotalURLhaus
Source Attribution

Originally published by The Hacker News on Jun 5, 2026.

Related Threats

CRITICALVulnerability

NVD CRITICAL: CVE-2026-44748 — SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated ...

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to sensitive user data and potential disruption of normal system usage. This causes a high impact on conf

CVE-2026-44748
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-40128 — SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated ...

SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or modify sensitive information or render any part of the local system unavailable.

CVE-2026-40128
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-27671 — Due to improper RFC protocol validation in the SAP Kernel used by the Applicatio...

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high impact on the confidentiality, integrity, and availability of the application.

CVE-2026-27671
NIST NVD