PCPJack Built a 230-Node Cloud SMTP Relay Network on Hijacked Servers
Researchers at Hunt.io uncovered a covert 230-node SMTP relay network built from compromised Linux servers hosted on AWS, Google Cloud, and Microsoft Azure after finding two unauthenticated open directories on 213.136.80[.]73. The exposed directories contained source code, binaries, deployment logs, scanners, exploitation tools, and a live Sliver configuration, revealing an active operation that used Sliver implants and Chisel tunneling to convert business servers across the U.S., Europe, and Asia into monitored SMTP-capable proxies. Deployment artifacts showed at least one completed wave in March 2026 with 230 successful uploads and executions, while verification data suggested earlier undocumented activity using different port ranges.
The recovered toolkit showed a structured workflow that established reverse SOCKS5 tunnels, persisted on Linux systems as /var/tmp/.xs or xsync, tested outbound access to smtp.gmail[.]com:587, assigned deterministic proxy ports, and synchronized verified relay nodes every five minutes via SCP to a downstream server at 38.242.204[.]245. Hunt.io said the infrastructure was likely intended for large-scale email delivery such as spam or phishing, although the final use remains unconfirmed. The campaign has been linked to PCPJack, a cloud-focused credential-theft framework previously identified by SentinelOne, but researchers said the relationship between PCPJack and TeamPCP infrastructure remains unclear and attribution is based primarily on shared infrastructure rather than definitive operator identification.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Hunt.io observed a 230-node PCPJack deployment wave in March 2026
State artifacts and deployment logs showed at least one completed March 2026 run in which PCPJack successfully uploaded and executed tooling on 230 Linux cloud servers to build SMTP-capable relay nodes.
Hunt.io uncovered PCPJack's active cloud SMTP relay network
Analysis of the exposed files revealed an active covert SMTP relay network spanning compromised AWS, Google Cloud, and Microsoft Azure business servers across the U.S., Europe, and Asia, using Sliver implants and Chisel tunnels to maintain monitored proxy nodes.
Researchers found exposed PCPJack tooling on server 213.136.80[.]73
Hunt.io discovered two unauthenticated open directories on the internet-facing server 213.136.80[.]73 that exposed source code, binaries, deployment logs, scanners, exploitation tools, and a live Sliver-related working directory tied to the operation.
SentinelOne identified PCPJack during a cloud credential theft investigation
In April 2026, SentinelOne previously identified PCPJack as a cloud-focused credential theft framework and noted overlap or contention with TeamPCP-related infrastructure or artifacts.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
PCPJack Exposed: Researchers Uncover 230-Node Cloud Email Relay Network
securityaffairs.com
Open sourcePCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
thehackernews.com
Open sourcePCPJack Hijacked 230 AWS, GCP, and Azure Servers to Run a Hidden SMTP Relay Network
hunt.io
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
PCPJack Cloud Worm Steals Credentials and Replaces TeamPCP Infections
SentinelLABS reported that attackers are deploying **PCPJack**, a modular Linux- and Python-based cloud worm built to steal credentials at scale from exposed cloud infrastructure. The framework targets cloud, container, developer, productivity, and financial environments, then spreads laterally through **Docker**, **Kubernetes**, **Redis**, **MongoDB**, **RayML**, **SSH**, and vulnerable web applications. Researchers said the malware removes TeamPCP-related artifacts from compromised systems, indicating it is designed to replace or evict earlier TeamPCP infections rather than coexist with them. The campaign used a staging server hosting two related toolsets: the main PCPJack framework and a secondary credential-harvesting shell script paired with **Sliver** beacons. Stolen data was exfiltrated through **Telegram** and to a typosquatted CloudFront-like domain, suggesting an operation focused on credential theft and follow-on abuse rather than cryptomining. SentinelLABS found overlaps with historical TeamPCP targeting and tooling, but said the available evidence does not conclusively show that PCPJack operators are members of TeamPCP.
May 8, 2026
AgentTesla v3 Phishing Chain Used Five-Stage JavaScript Loader and SMTP Exfiltration
Breakglass Intelligence reported a credential-stealing campaign delivering **AgentTesla v3** through spear-phishing emails masquerading as purchase orders or request-for-quote documents. The infection chain used a heavily obfuscated JavaScript or JScript attachment that launched XOR-decrypted PowerShell, reflectively loaded a .NET component identified as `DEV.dll`, and performed process hollowing into `aspnet_compiler.exe` to run the final payload. The malware established persistence through `%APPDATA%\GLOZVJ\GLOZVJ.exe`, a Startup shortcut, and an `HKCU\Run` value named `GLOZVJ`, while a watchdog loop re-injected the payload if the host process was terminated. The payload harvested credentials and data from more than 40 browsers, over 20 email clients, FTP and VPN software, Discord tokens, Windows Credential Manager, clipboard contents, screenshots, and keystrokes, then exfiltrated the data over SMTP through `mail.cottondreams.org` on a Ukrainian VPS at `31.222.235.198`. Reports said the server used Exim, Dovecot, nginx, OpenSSH, ProFTPD, and FASTPANEL, and that plaintext SMTP credentials and weak certificate hygiene exposed poor operator security. Breakglass linked the infrastructure to activity dating back to domain registration in March 2024 and related samples seen since January 2025, assessing the operation as a persistent, financially motivated **AgentTesla MaaS** campaign with possible overlap with West African BEC-style tradecraft.
Apr 25, 2026
TeamPCP Expands From Next.js and npm Compromises to Proxy and Ransomware Operations
Researchers linked **TeamPCP** to multiple interconnected intrusion campaigns spanning web application exploitation, software supply-chain abuse, and infrastructure hijacking. Reporting on the **Operation PCPcat** and **React2Shell** activity said attackers exploited vulnerable **Next.js** deployments and compromised roughly **59,000 servers**, using them to steal credentials and build follow-on access. Separate investigations into the **CanisterWorm** campaign found dozens of malicious **npm** packages carrying hidden `postinstall` scripts that stole npm tokens from `.npmrc`, `/etc/npmrc`, and environment variables, then republished trojanized updates through victims’ own publisher accounts. The malware also established Linux persistence with a masqueraded user-level `systemd` service named **`pgmon`** and fetched later-stage payloads through **Internet Computer** canister infrastructure, complicating takedown efforts. Additional reporting tied the broader operation to compromised CI/CD ecosystems, residential proxy building, and ransomware monetization. An investigation into the **Xygeni GitHub Action** compromise found the same custom **ShadowLink** backdoor protocol used in malware that exploited **TP-Link** and **ASUS** routers, including abuse of **`CVE-2024-21833`** to install **microsocks** and maintain SOCKS5 proxy persistence via cron, `rc.local`, and NVRAM changes; researchers said this strongly links the router campaign to the Xygeni intrusion, while overlap with TeamPCP remains partly circumstantial. By late March, defenders reported TeamPCP had slowed new package compromises and shifted toward monetization through harvested credentials and dual ransomware tracks, including its own **CipherForce** operation and activity aligned with the **Vect** ransomware ecosystem; related fallout included **ownCloud** disclosing build infrastructure exposure through **`CVE-2026-33634`** associated with the Trivy compromise.
May 25, 2026