XRayC2 Framework Abuses AWS for Covert C2 Attacks

Researchers have developed XRayC2, a new command-and-control framework that weaponizes the AWS X-Ray service. This technique allows attackers to establish covert communication channels by abusing the legitimate cloud monitoring infrastructure. Malicious traffic is blended with normal application data by using X-Ray's annotation feature to send commands and exfiltrate results. All communications are routed through legitimate AWS domains and authenticated with standard protocols, making detection extremely difficult. This development underscores the growing trend of attackers abusing trusted cloud services to bypass traditional security controls.

Latest mentioned: 10-06

Earliest mentioned: 10-05

Sources

securityaffairs.com gbhackers.com cybersum.net

Also Read

Gunra Ransomware Targets Windows and Linux Systems

Gunra ransomware, active since April 2025, poses a significant threat with its dual-platform capability, targeting both Windows and Linux systems. The Windows variant uses ChaCha8 encryption and secure random number generation, making decryption impractical. In contrast, the Linux variant employs ChaCha20 encryption but suffers from a cryptographic flaw due to weak random number generation, allowing potential file recovery through brute-force attacks. Organizations must develop platform-specific threat intelligence and incident response strategies to mitigate risks effectively.

10-29Read more →