PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network

The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay network. "Compromised business servers across the U.S., Europe, and Asia were quietly converted into SMTP proxies, verified for mail relay capability, and synced to a downstream consumer every five minutes," Hunt.io said in

According to the report, the threat actor PCPJack hijacked roughly 230 cloud servers across AWS, Google Cloud, and Microsoft Azure and repurposed them into a covert SMTP relay network for email abuse, with compromised business servers verified for mail relay and synced to a downstream consumer every five minutes.[1] This is a cloud infrastructure compromise and email abuse campaign; the article does not describe any direct use of AI models or agents. From a CyberSE.AI perspective, such large-scale, automated misuse of cloud resources is a pattern that could similarly be applied to AI infrastructure (e.g., hijacking GPU or model-serving nodes) and complicates trust in third-party cloud environments supporting AI workloads. Organizations should harden their cloud and email infrastructure, and ensure AI-related workloads and supply-chain components (models, APIs, and orchestration services) are isolated, monitored, and inventoried via SBOM-style transparency to prevent similar covert abuse.