PCPJack Hijacks 230 Cloud Servers to Build Covert SMTP Relay Network
The threat actor tracked as PCPJack has compromised at least 230 cloud servers across Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure, converting them into a covert SMTP relay network. According to threat intelligence firm Hunt.io, the hijacked infrastructure—spread across the U.S., Europe, and Asia—was verified for outbound mail relay capability and synced to a downstream consumer every five minutes. The discovery was made after the operator accidentally left two unauthenticated open directories on a command-and-control server at 213.136.80[.]73, exposing source code, compiled binaries, deployment logs, and a live Sliver C2 configuration. PCPJack was first identified by SentinelOne in April 2026 as a credential theft framework targeting cloud services, with overlaps to the activity of TeamPCP, a group known for software supply chain intrusions.
The exposed directories revealed a Sliver-integrated SMTP proxy deployment toolkit bundled with Chisel tunneling binaries compiled for multiple Linux CPU architectures, including AMD64, ARM64, and x86. On compromised hosts, the proxy binary was dropped as a hidden dot-prefixed file and persisted at /var/tmp/.xs to evade casual detection. Deployer scripts were configured to load the Sliver C2 client and filter for Linux beacons that had checked in within the past ten minutes. Each beacon received a deterministic SOCKS5 proxy port derived from an MD5 hash of its Sliver UUID, mapped into the range 10000–14999, an approach that eliminates the need for a shared port registry across restarts (at the cost of possible collisions, since the hash only provides 5,000 slots). To validate usefulness, an SMTP quality gate probed outbound access to smtp.gmail[.]com:587, and any host failing the check was skipped with an exit code of zero. Note that a Sliver SOCKS5 proxy listens on the operator's side and tunnels traffic back through the beacon, so defenders should not expect to find those ports open on a compromised instance; on the host, the observable artifacts are the hidden binary at /var/tmp/.xs, the Chisel tunneling process, and the outbound probe to TCP 587.
A diagnostic script rotated through five active beacons and tasked each with verifying the presence of Chisel binaries at known drop paths, confirming a running Chisel process, checking available disk space, testing reachability of port 9000 on the C2 server, and validating persistence artifacts. Beacons were processed in batches of 50, with a 25-minute wait after uploads and 15 minutes after execution commands to accommodate slow-interval check-ins. Hunt.io noted that later iterations of the deployer scripts stripped out the SMTP gate and batching logic, suggesting the threat actor was refining the toolset for faster, broader deployment across additional cloud tenants.
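The deployer logic described in the two paragraphs above (filter recent Linux beacons, gate on SMTP reachability, derive a per-beacon SOCKS5 port from the MD5 of the UUID, process in batches of 50) can be reconstructed to see why the "no port registry" trick is fragile. The following is an added example written for this article, not code recovered from the PCPJack directories: the modulo reduction into 10000–14999, the beacon record layout, and the `fake_smtp_gate` stand-in for the live smtp.gmail[.]com:587 probe are all assumptions, and the sample beacons are constructed.

```python
import hashlib
from datetime import datetime, timedelta, timezone

PORT_BASE = 10000
PORT_SPAN = 5000  # 10000..14999 inclusive, as reported by Hunt.io


def socks_port_for(beacon_uuid: str) -> int:
    """Deterministic SOCKS5 port from the MD5 of a beacon UUID.

    Assumption: the reduction into the range is a plain modulo; the report
    describes the mapping but does not quote the exact arithmetic.
    """
    digest = hashlib.md5(beacon_uuid.encode("utf-8")).hexdigest()
    return PORT_BASE + int(digest, 16) % PORT_SPAN


def recent_linux_beacons(beacons, now, max_age=timedelta(minutes=10)):
    """The deployer's selection filter: Linux beacons seen in the last 10 minutes."""
    return [b for b in beacons
            if b["os"] == "linux" and now - b["last_checkin"] <= max_age]


def port_collisions(beacons):
    """Pairs of beacons that hash to the same port.

    5000 slots for roughly 230 hosts gives a birthday bound of about
    230*229/(2*5000) ~ 5.3 expected colliding pairs, so a clash is near-certain
    at the reported scale. A hash replaces a registry only while the fleet is small.
    """
    seen, clashes = {}, []
    for b in beacons:
        port = socks_port_for(b["uuid"])
        if port in seen:
            clashes.append((seen[port], b["uuid"], port))
        else:
            seen[port] = b["uuid"]
    return clashes


def batched(items, size=50):
    """Split into the 50-beacon batches the diagnostic script used."""
    return [items[i:i + size] for i in range(0, len(items), size)]


def plan_deployment(beacons, now, smtp_gate):
    """Filter -> SMTP quality gate -> assign port -> batch.

    Beacons failing the gate are silently skipped, mirroring the reported
    behaviour of exiting with status zero rather than raising an error.
    """
    candidates = recent_linux_beacons(beacons, now)
    usable = [dict(b, port=socks_port_for(b["uuid"]))
              for b in candidates if smtp_gate(b)]
    return batched(usable)


def fake_smtp_gate(beacon) -> bool:
    """Offline stand-in for the smtp.gmail[.]com:587 probe (assumption):
    pretend every UUID ending in '0' has no outbound SMTP."""
    return not beacon["uuid"].endswith("0")


# Constructed sample fleet: 120 Linux beacons with staggered check-in ages plus
# one Windows beacon that the Linux filter must drop. Not real Sliver data.
NOW = datetime(2026, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_BEACONS = [
    {"uuid": f"beacon-{i:04d}", "os": "linux",
     "last_checkin": NOW - timedelta(minutes=i % 20)}
    for i in range(120)
] + [{"uuid": "win-0001", "os": "windows", "last_checkin": NOW}]

if __name__ == "__main__":
    plan = plan_deployment(SAMPLE_BEACONS, NOW, fake_smtp_gate)
    print("batches:", [len(b) for b in plan])
    print("port clashes in sample:", port_collisions(SAMPLE_BEACONS))
```

Running it against the constructed fleet yields 66 recent Linux beacons, 54 of which pass the gate and are split into batches of 50 and 4; `port_collisions` shows whether any two of them were handed the same port, the failure mode a registry would have caught.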
The operation underscores how attackers continue to weaponize legitimate cloud workloads, particularly mail relay endpoints, as stealthy infrastructure for phishing, spam, and follow-on intrusions. Security teams should audit outbound SMTP traffic from cloud instances (most workloads have no reason to reach external mail servers on TCP 25, 465, or 587, so egress rules can deny it by default and accepted flows can be alerted on), monitor for unauthorized Chisel processes and the hidden /var/tmp/.xs binary, and review IAM roles for credential theft indicators associated with the PCPJack framework. Organizations concerned about exposed credentials can use an email breach checker to determine whether accounts tied to cloud workloads appear in known dumps, while a broader privacy checkup can help identify misconfigurations that often precede this class of compromise.