
PCPJack Hijacks 230 Cloud Servers to Create Covert SMTP Email Relay Network
Cybersecurity, Cloud Security, Hacking, Email Abuse
The threat actor identified as PCPJack hijacked 230 cloud servers hosted on Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to establish a covert SMTP email relay network. Compromised business servers across the U.S., Europe, and Asia were repurposed into SMTP proxies, verified for mail relay functionality, and synchronized with a downstream consumer every five minutes. The operation was documented by Hunt.io, though no specific timeline or CVE identifiers were disclosed. The attack leverages misconfigured or vulnerable cloud instances to facilitate unauthorized email transmission. No additional technical details about the exploitation method or impact on affected organizations were provided.