Unmasking the AWS SSM Agent: A Hidden Trojan Threat


Published on Aug 2, 2023   —   2 min read

Recently, researchers have discovered a covert post-exploitation technique in Amazon Web Services (AWS) that allows the AWS Systems Manager Agent (SSM Agent) to be misused as a remote access trojan. This discovery has significant implications for cloud security and highlights the need for constant vigilance in the face of cyber threats.

The AWS SSM Agent Trojan:

The AWS SSM Agent, a tool commonly used by administrators to manage their AWS resources, can be repurposed by attackers who have gained high privilege access on an endpoint where the SSM Agent is installed. This allows the attacker to maintain access to the compromised machine and carry out various malicious activities.

The SSM Agent is a software installed on Amazon Elastic Compute Cloud (Amazon EC2) instances. It enables administrators to update, manage, and configure their AWS resources through a unified interface. However, its misuse as a trojan presents manifold advantages for cybercriminals. It is trusted by endpoint security solutions, eliminating the need for deploying additional malware that may trigger detection.

Post-Exploitation Techniques:

The post-exploitation techniques detailed by Mitiga, the cybersecurity research firm, presuppose that an attacker already has permissions to execute commands on the Linux or Windows endpoint that also has an SSM Agent installed and running.

One technique involves registering an SSM Agent to run in "hybrid" mode, allowing it to communicate with different AWS accounts other than the original AWS account where the EC2 instance is hosted. This causes the SSM Agent to execute commands from an attacker-owned AWS account.

An alternative approach uses the Linux namespaces feature to launch a second SSM Agent process, which communicates with the attacker's AWS account, while the already running SSM agent continues to communicate with the original AWS account.

Mitiga also found that the SSM proxy feature can be abused to route the SSM traffic to an attacker-controlled server, including a non-AWS account endpoint, thereby permitting the threat actor to control the SSM Agent without having to rely on AWS infrastructure.

Preventive Measures:

Organizations are recommended to remove the SSM binaries from the allow list associated with antivirus solutions to detect any signs of anomalous activity. It is also crucial to ensure that EC2 instances respond to commands that only come from the original AWS account using the Virtual Private Cloud (VPC) endpoint for Systems Manager.


After controlling the SSM Agent, attackers can carry out malicious activities, such as data theft, encrypting the filesystem (as a ransomware), misusing endpoint resources for cryptocurrency mining, and attempting to propagate to other endpoints within the network. All these activities can be carried out under the guise of using a legitimate software, the SSM Agent. This discovery highlights the importance of maintaining robust cybersecurity measures and staying abreast of the latest threats in the digital landscape.

Share on Facebook Share on Linkedin Share on Twitter Send by email

Subscribe to the newsletter

Subscribe to the newsletter for the latest news and work updates straight to your inbox, every week.