A groundbreaking post-exploitation technique poses a significant threat to Amazon Web Services (AWS) users, potentially giving threat actors ongoing control over Linux and Windows machines. An incident response company, Mitiga, published an advisory to discuss the discovery of this new way for attackers to abuse AWS’ Systems Manager (SSM) agent.

The SSM agent, a legitimate tool found on Amazon EC2 instances and widely used by administrators to manage AWS resources, has been found to be exploitable by attackers who have gained high privilege access to an endpoint with the SSM agent installed. When exploited, the SSM agent can be repurposed as a Remote Access Trojan (RAT).

Using the SSM agent as a RAT offers attackers a powerful and stealthy method to carry out malicious activities on the compromised systems. The benefits they gain from leveraging this legitimate tool for malicious purposes are significant and provide them with a distinct advantage in evading detection and maintaining persistence.

The agent binary is signed by Amazon, a reputable source, which allows attackers to execute it without raising immediate alarms or triggering alerts. This level of trust makes it challenging for security solutions to identify the agent’s malicious activities, giving attackers a crucial foothold in their attack campaigns.

Like using remote monitoring and management (RMM) tools, by utilizing the SSM agent, attackers can avoid the need to upload and execute new RAT binaries on the compromised system. The SSM agent is already installed on the endpoint as a legitimate tool used for system management by administrators. As a result, attackers can leverage this existing binary to carry out their malicious activities, eliminating the need for additional code and reducing the risk of detection by security solutions that often flag new or suspicious binaries.

Another benefit lies in the ability for adversaries to use their own malicious AWS account as a Command and Control (C2) server. By communicating with the compromised SSM agent through their own AWS account, attackers can make their actions appear legitimate, making it harder for security teams to detect and attribute the attacks to the real threat actors.

Moreover, the SSM agent’s features provide attackers with control over the compromised endpoint and enable them to execute commands remotely, run scripts, and manipulate the target system in any desired manner. This broad control allows attackers to move laterally within the network, escalate privileges, and exfiltrate sensitive data, all while staying under the radar of security monitoring tools.

By exploiting the SSM agent as a RAT, adversaries can solely rely on the existing SSM service and agent without setting up additional attack infrastructure. This approach not only streamlines the attack process but also minimizes the chance of leaving behind traces or artifacts that could lead back to the attacker.

In Mitiga’s research, they explained two variations of how the SSM agent could be exploited. The first involved taking over or hijacking the SSM agent and redirecting it to communicate with the attacker AWS account instead of the intended one. The second added a second SSM agent process alongside the first so one was managed by the original owner and the second was managed by the threat actor.

Mitiga also provided suggestions for detecting each of the exploitation variations which included monitoring for changes to the agent’s instance ID, newly created processes including “amazon-ssm-agent,” multiple instances of “amazon-ssm-agent” process running at the same time, and losing contact with agents in the AWS portal.

In conclusion, the SSM agent offers attackers a powerful and sophisticated means of compromising systems, maintaining persistence, and controlling endpoints remotely. By exploiting the trust associated with this legitimate tool, adversaries can stay undetected, evading traditional security measures and heightening the challenges for defenders in detecting and mitigating such attacks.


To stay up to date on all APG intel, follow them on Twitter and Reddit.

Want something new to listen to?

Check out The Unfair Fight, a podcast by Jon Murchison, where you can hear conversations with experts surrounding geopolitics, high-level performance, entrepreneurship, and cybersecurity.