XRayC2 Exploits AWS

Cyber Security News by CyberSum.net

Published on October 6, 2025 at 09:00 AM

2 sources

Researchers have unveiled XRayC2, a command-and-control framework that weaponizes Amazon Web Services’ X-Ray distributed application tracing service to establish covert communication channels, allowing attackers to abuse legitimate cloud monitoring infrastructure to bypass traditional network security controls and create bidirectional communication platforms for malicious activities, making detection significantly more challenging due to the use of legitimate AWS domains and authentication mechanisms.

Also Read

Spear-Phishing Campaign Targets Automobile and E-commerce Industries

Researchers at SEQRITE Labs have uncovered a targeted spear-phishing campaign aimed at organizations in the automobile and e-commerce industries. The operation, active since early October 2025, deploys a previously undocumented .NET-based backdoor dubbed CAPI, designed for credential theft, system reconnaissance, and persistent access. The attack chain uses tax-related decoy documents to lure employees and executes the payload through rundll32.exe, a legitimate Windows binary, to evade detection. The infection begins with a malicious ZIP archive named Payroll Recalculation as of October 1, 2025. Inside the ZIP, analysts found both LNK and PDF files, a common spear-phishing tactic to disguise executable payloads as legitimate business documents.

By Cyber Security News by CyberSum.netOctober 20, 2025 at 06:00 AM