Cloud Threat Landscape

CloudSnooper

Aliases

Snoopy

Tags
Rootkit
Techniques
In-band signaling
Incidents
Cyberoam breach (2018)
References
https://news.sophos.com/en-us/2020/02/25/the-cloud-snooper-malware-that-sneaks-into-your-linux-servers/
https://malpedia.caad.fkie.fraunhofer.de/details/elf.cloud_snooper
https://www.manageengine.com/log-management/aws-cloud-snooper-attack.html
Last edited
Feb 19, 2025 2:21 PM

Cloud Snooper is malware that targets both Linux and Windows servers, including those hosted on Amazon Web Services (AWS). It employs a rootkit to establish a backdoor, enabling attackers to bypass firewall restrictions and communicate with compromised systems via covert channels. The malware inspects incoming HTTP and HTTPS traffic and identifies specially crafted packets that signal commands from the attackers. This technique allows unauthorized access and data exfiltration while evading traditional security measures.

Last Updated: April 3, 2025