Cisco Talos has confirmed in the past few days that malicious users are using remote access trojans (RATs) of the Nanocore, Netwire and AsyncRAT types to steal sensitive data from victims’ PCs by leveraging Amazon’s AWS and Microsoft’s Azure services in their malicious activities.

The discovery confirms that cyber criminals’ activities increasingly rely on attacking the cloud infrastructures that all companies increasingly use. Cloud infrastructures such as AWS and Azure, the two largest and most advanced in the world, still have vulnerabilities, which sometimes do not directly involve the infrastructure itself.

Infection Chain

The infection chain starts with a spearphishing email that contains a malicious ZIP attachment. The ZIP file contains an ISO image that holds a JavaScript loader, a Visual Basic script, or a Windows batch file. Hackers prompt users to open the attachment by disguising it as a documen
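
One way a mail gateway or triage script could flag the ZIP, ISO, script nesting described above; this is an added example, not code from Cisco Talos or from the original article. It assumes a plain ISO 9660 primary volume descriptor (no Joliet or UDF handling), and the function names and the sample archive are constructed for illustration.

```python
import io, struct, zipfile

SECTOR = 2048
SCRIPT_EXTS = (".js", ".vbs", ".bat")  # loader types named in the article

def iso_files(iso: bytes):
    """Yield file names reachable from an ISO 9660 primary volume descriptor."""
    pvd = iso[16 * SECTOR:17 * SECTOR]
    if pvd[:6] != b"\x01CD001" or len(pvd) < 190:
        return
    stack, seen = [pvd[156:190]], set()      # root directory record
    while stack:
        lba, size = struct.unpack_from("<I4xI", stack.pop(), 2)
        if lba in seen:                      # malformed images can loop
            continue
        seen.add(lba)
        data, pos = iso[lba * SECTOR:lba * SECTOR + size], 0
        while pos < len(data):
            n = data[pos]
            if n < 34 or pos + n > len(data):  # sector padding or junk
                pos = (pos // SECTOR + 1) * SECTOR
                continue
            rec, pos = data[pos:pos + n], pos + n
            name = rec[33:33 + rec[32]]
            if not rec[25] & 2:              # plain file
                yield name.decode("ascii", "replace").split(";")[0]
            elif name not in (b"\x00", b"\x01"):  # subdirectory, not "."/".."
                stack.append(rec)

def scan_zip(blob: bytes):
    """Return (zip_member, script_name) for scripts inside ISO images in a ZIP."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return [(m.filename, f) for m in zf.infolist()
                for f in iso_files(zf.read(m)) if f.lower().endswith(SCRIPT_EXTS)]

def _rec(name: bytes, lba: int, size: int, flags: int = 0) -> bytes:  # sample data only
    both = lambda v: struct.pack("<I", v) + struct.pack(">I", v)
    body = both(lba) + both(size) + bytes(7) + bytes([flags, 0, 0]) + b"\x01\x00\x00\x01"
    return bytes([len(body) + 3 + len(name), 0]) + body + bytes([len(name)]) + name

def sample_zip() -> bytes:
    """Constructed sample: Invoice.iso inside a ZIP, holding inert placeholder files."""
    root = _rec(b"\x00", 18, SECTOR, 2)
    pvd = (b"\x01CD001\x01".ljust(156, b"\x00") + root).ljust(SECTOR, b"\x00")
    listing = root + _rec(b"\x01", 18, SECTOR, 2) + _rec(b"INVOICE.JS;1", 19, 4)
    listing = (listing + _rec(b"README.TXT;1", 19, 4)).ljust(SECTOR, b"\x00")
    iso = bytes(16 * SECTOR) + pvd + bytes(SECTOR) + listing + b"test".ljust(SECTOR, b"\x00")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice.iso", iso)
    return buf.getvalue()
```

`scan_zip(sample_zip())` returns `[("Invoice.iso", "INVOICE.JS")]`. On real mail flow, cap the uncompressed member size before calling `zf.read` so an oversized archive cannot exhaust memory.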