APT29, also referred to as Cozy Bear and Cloaked Ursa, is abusing cloud storage service Google Drive to distribute malware, researchers have warned.
Earlier this week, Unit 42 (the cybersecurity arm of Palo Alto Networks) found that the group, allegedly backed by the Russian state, was using Google Drive in two campaigns targeting diplomats and embassies in Portugal and Brazil.
“It is a new tactic for this actor and one that is difficult to detect due to the ubiquitous nature of these services and the fact that they are trusted by tens of millions of consumers worldwide,” Unit 42 said.
“When the use of trusted services is combined with encryption, as we see here, it becomes extremely difficult for organizations to detect malicious activity in connection with the campaign.”
As reported by TechCrunch, while this may be the first time APT29 has used Google Drive specifically, the group is no stranger to abusing legitimate web services for its nefarious deeds.
In May this year, for example, the group used Dropbox as part of its command and control infrastructure, forcing the file-sharing company to shut down the accounts.
Unit 42 has notified Google and Dropbox, both of which have reportedly taken action. So far, Google has not commented publicly on the findings.
APT29 is an infamous threat actor in the cybersecurity world, perhaps best known for the SolarWinds attack. It was APT29 that used stolen Microsoft 365 credentials to compromise SolarWinds’ infrastructure, and later used its access to the network to poison a service update with malware.
That update ended up being installed on endpoints belonging to tens of thousands of companies, as well as US government institutions. It is often considered one of the most devastating supply chain attacks of all time.
According to TechCrunch, the EU foreign service also recently warned of increasing activity by Russian hackers, especially since the invasion of Ukraine.
“This increase in malicious cyber activities, in the context of the war against Ukraine, creates unacceptable risks of spillover effects, misinterpretation and potential escalation,” it said.
Via TechCrunch