Hacker Group PCPJack Hijacks Hundreds of Cloud Servers for Covert Email Network
AI-generated from multiple sources. Verify before acting on this reporting.
LONDON (AP) — A hacker group known as PCPJack has seized control of 230 cloud servers across three major providers to construct a hidden email relay network, security researchers said Wednesday.
The operation, detected on June 5, 2026, involved compromised infrastructure hosted on Amazon Web Services, Google Cloud Platform, and Microsoft Azure. The servers were distributed across the United States, Europe, and Asia, allowing the attackers to route traffic through multiple jurisdictions.
PCPJack configured the hijacked machines to function as a covert Simple Mail Transfer Protocol (SMTP) relay network. This type of infrastructure is typically used to send bulk unsolicited emails or to mask the origin of malicious communications. By leveraging legitimate cloud resources, the group aimed to bypass standard spam filters and network security controls.
The breach was identified when unusual outbound traffic patterns were observed from the affected accounts. Cloud providers subsequently isolated the compromised instances to prevent further abuse. No data theft or financial loss has been confirmed at this stage, though the potential for the network to facilitate phishing campaigns or distribute malware remains a concern.
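The report does not say which telemetry exposed the unusual outbound traffic. The following added example (not from the reporting or from any provider) shows one way a defender could flag that pattern in AWS VPC Flow Logs default-format records: instances outside an approved mail-host list that open accepted SMTP connections to several distinct external addresses. The VPC CIDR, allowlist, threshold and all sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")  # assumption: the monitored VPC range

def smtp_fanout(lines, approved_mail_hosts=(), min_destinations=3):
    """Return {instance_ip: distinct external SMTP destinations} for unapproved hosts."""
    dests = defaultdict(set)
    for line in lines:
        f = line.split()
        # Default format has 14 fields: ... srcaddr dstaddr srcport dstport protocol
        # packets bytes start end action log-status. NODATA/SKIPDATA rows carry "-".
        if len(f) != 14 or f[12] != "ACCEPT" or f[7] != "6":
            continue
        src, dst = ipaddress.ip_address(f[3]), ipaddress.ip_address(f[4])
        # Only instance-initiated flows to SMTP ports outside the VPC count;
        # replies from a remote server have srcport 25 and are ignored here.
        if src in VPC_CIDR and dst not in VPC_CIDR and int(f[6]) in SMTP_PORTS:
            dests[f[3]].add(f[4])
    return {ip: len(d) for ip, d in dests.items()
            if ip not in approved_mail_hosts and len(d) >= min_destinations}

def _rec(src, dst, sport, dport, action="ACCEPT"):
    # Builds one constructed flow record; account id and ENI are placeholders.
    return (f"2 123456789012 eni-0abc {src} {dst} {sport} {dport} 6 10 840 "
            f"1780000000 1780000060 {action} OK")

SAMPLE = [  # constructed records, documentation-range destinations
    _rec("10.0.1.5", "198.51.100.10", 49152, 25),
    _rec("10.0.1.5", "198.51.100.11", 49153, 25),
    _rec("10.0.1.5", "203.0.113.7", 49154, 587),
    _rec("10.0.1.5", "203.0.113.9", 49155, 465),
    _rec("198.51.100.10", "10.0.1.5", 25, 49152),            # reply traffic
    _rec("10.0.2.9", "198.51.100.10", 40000, 25),            # approved relay
    _rec("10.0.2.9", "198.51.100.11", 40001, 25),
    _rec("10.0.2.9", "203.0.113.7", 40002, 25),
    _rec("10.0.3.3", "198.51.100.10", 41000, 443),           # not SMTP
    _rec("10.0.3.3", "198.51.100.10", 41001, 25),            # below threshold
    _rec("10.0.4.4", "203.0.113.7", 42000, 25, "REJECT"),    # blocked by policy
    "2 123456789012 eni-0abc - - - - - - - 1780000000 1780000060 - NODATA",
]

if __name__ == "__main__":
    print(smtp_fanout(SAMPLE, approved_mail_hosts={"10.0.2.9"}))
```

In practice the threshold and allowlist would be tuned per account, since legitimate applications also submit mail on ports 465 and 587.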
Security experts noted the sophistication of the attack, which required the group to bypass authentication mechanisms and maintain persistence across different cloud environments. The use of multiple providers suggests a strategy designed to increase resilience against takedown efforts. If one provider removes the compromised servers, the network could theoretically shift operations to the remaining infrastructure.
Amazon, Google, and Microsoft have not issued public statements regarding the specific incident. Industry analysts indicate that cloud providers routinely monitor for unauthorized activity and often work with law enforcement to address such threats.
The motive behind the PCPJack operation remains unclear. While the group has previously been associated with cybercriminal activities, no claim of responsibility has been made for this specific campaign. Researchers are investigating whether the network was intended for immediate exploitation or if it represents a long-term infrastructure build-up.
Law enforcement agencies in affected regions have not announced any investigations. The incident highlights the ongoing challenge of securing cloud infrastructure against determined adversaries who exploit misconfigurations or stolen credentials.
Questions remain regarding the full scope of the compromise and whether additional servers were involved. Security teams are continuing to scan for indicators of compromise across their own networks. The situation is developing as experts work to understand the capabilities and intentions of the group behind the attack.