PCPJack Hijacked 230 AWS, GCP, and Azure Servers to Run a Hidden SMTP Relay Network
ID: 0721e1ec-8c74-5c6b-b172-86b341bc71f7
STIX ID: report--0721e1ec-8c74-5c6b-b172-86b341bc71f7
Feed Name: Hunt.io Blog
This report documents the discovery of exposed operator directories belonging to a PCPJack/XSync campaign. Recovered Sliver-integrated deployers, stock Chisel binaries, and state files show iterative deployments that culminated in a 230-node SOCKS5 proxy fleet, built on compromised AWS, GCP, and Azure servers and used as SMTP relays. The recovered artifacts include credential-harvesting tools, persistence mechanisms, verification daemons, and evidence of multiple infrastructure pivots, together with actionable IOCs (IP addresses, file paths, and process indicators).
