APT29, also known as Cozy Bear and Cloaked Ursa, is abusing the cloud storage service Google Drive to distribute malware, researchers have warned.
Earlier this week, Unit 42 (the cybersecurity arm of Palo Alto Networks) found that the group, allegedly backed by the Russian state, was using Google Drive to facilitate two campaigns targeting diplomats and embassies in Portugal and Brazil.
“This is a new tactic for this actor and one that proves difficult to detect as a result of the ubiquitous nature of these services and the fact that they are trusted by tens of millions of customers worldwide,” Unit 42 claims.
“When the use of trusted services is combined with encryption, as we see here, it becomes extremely difficult for organizations to detect malicious activity in connection with the campaign.”
As reported by TechCrunch, while this may be the first time APT29 has used Google Drive specifically, the group is no stranger to abusing legitimate web services for its nefarious deeds.
In May this year, for instance, the group used Dropbox as part of its command and control infrastructure, forcing the file-sharing company to shut down its accounts.
Unit 42 has notified Google and Dropbox, both of which have reportedly taken action. So far, Google has not commented publicly on the findings.
APT29 is an infamous threat actor in the cybersecurity world, perhaps best known for the SolarWinds attack. It was APT29 that used stolen Microsoft 365 credentials to compromise SolarWinds’ infrastructure, and later used that access to the network to poison a service update with malware.
That update ended up being installed on endpoints belonging to tens of thousands of companies, as well as American government institutions. It is often considered one of the most devastating supply chain attacks of all time.
According to TechCrunch, the EU foreign service also recently warned of increasing activity by Russian hackers, especially since the invasion of Ukraine.
“This increase in malicious cyber activities, in the context of the war against Ukraine, creates unacceptable risks of spillover effects, misinterpretation and possible escalation,” it said.
Via TechCrunch