Next-gen security specialist Sophos has revealed details of a sophisticated new attack known as Cloud Snooper, which enables malware on servers to communicate freely with its command and control (C2) servers through its victims’ firewalls, and may have been developed by a nation state actor.
The attack technique was uncovered by SophosLabs threat research manager Sergei Shevchenko whilst investigating a malware infection of some AWS hosted cloud servers. However, it is not an AWS-specific attack, but rather it represents a method of piggybacking C2 traffic on legitimate traffic to get past firewalls and exfiltrate data.
