Skip to content

Amazon Web Services face RAT exploitation from own SSM Agent

  • by
  • 3 min read

Photo: Sundry Photography /

Cybersecurity researchers have unveiled a new post-exploitation technique that leverages Amazon Web Services (AWS) Systems Manager Agent (SSM Agent) as a remote access trojan on Windows and Linux environments.

The SSM Agent, a legitimate tool administrators use to manage AWS instances, can be ingeniously repurposed by threat actors with elevated privileges on a compromised endpoint. This allows them to maintain access and carry out ongoing malicious activities undetected.

The insidious attack vector necessitates that attackers have already breached the target’s defensive systems. Once in, they can manipulate the SSM Agent to evade detection by antivirus software, exploiting AWS’s reputation to conceal their tracks. Being a trusted component, the SSM Agent facilitates covert persistence, eliminating the need for additional malware deployment that could trigger alarms.

Researchers from Mitiga detailed three post-exploitation techniques that enable attackers to utilise the SSM Agent for their nefarious purposes. Firstly, registering the SSM AGent in “hybrid” mode can communicate with AWS accounts different from the one hosting the compromised EC2 instance. This grants the attacker’s AWS account control over the SSM Agent, opening the door for remote supervisory access.

Linux server root agent enabling the “Run Command”. | Source: Mitiga

The second approach capitalises on Linux namespaces, enabling the launch of a second SSM Agent process that communicates with the attacker’s AWS account while the original SSM Agent continues to interact with the original AWS account. This simultaneous operation allows for stealthy control.

Lastly, Mitiga discovered the misuse of the SSM proxy feature, routing SSM traffic to an attacker-controlled server on a non-AWS account endpoint. This tactic grants complete control over the SSM Agent, bypassing reliance on AWS infrastructure.

Linux server non-root agent enabling the “Start Command”. | Source: Mitiga

Mitiga’s report emphasises that Linux and Windows machines with an active SSM Agent installed are at risk of post-exploitation persistence. Organisations are advised to remove SSM binaries from antivirus, allow lists to detect anomalies and ensure EC2 instances respond only to commands originating from the original AWS account using the Virtual Private Cloud (VPC) endpoint for Systems Manager.

By seizing control of the SSM Agent, hackers can execute various malicious activities, from data theft and ransomware deployment to cryptocurrency mining and lateral movement within the network.

In the News: Hacktivist group cDc to unveil Veilid encryption for privacy-first apps

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: