Russian Hackers Using DropBox and Google Drive to Drop Malicious Payloads (Security News, July 2022)
A new phishing campaign that abuses legitimate cloud services such as Google Drive and Dropbox to deliver malicious payloads to compromised systems has been attributed to the Russian state-sponsored hacking collective known as APT29.
What has changed in the newer iterations is the use of Dropbox and Google Drive to conceal the actors' activity and to pull additional malware into target environments.
A second version of the attack observed in late May 2022 is said to have adapted further to host the HTML dropper in Dropbox.
EnvyScout, for its part, serves as an auxiliary tool that further infects the target with the actor's implant of choice: in this case a .NET-based executable, concealed behind multiple layers of obfuscation, that exfiltrates system information and executes next-stage binaries such as Cobalt Strike fetched from Google Drive.
"The use of DropBox and Google Drive services is a new tactic for this actor and one that proves challenging to detect due to the ubiquitous nature of these services and the fact that they are trusted by millions of customers worldwide," the researchers said.
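The detection difficulty the researchers describe is where a defender wants a concrete check. The following is an added example, not code from the article or from the researchers it quotes: a triage pass over web-proxy log lines that separates raw-file fetches from Dropbox and Google Drive direct-download endpoints (the retrieval path described above for the HTML dropper and the Cobalt Strike stage) from ordinary browsing of those services. The log format, the endpoint list, the user-agent heuristic and the sample log lines are all assumptions constructed for this example.

```python
"""
Triage of proxy logs for cloud-hosted payload delivery (added example;
the log format, endpoint list and sample lines below are assumptions).
"""
import re
from urllib.parse import urlsplit, parse_qs

# Hosts that hand back raw file bytes for the two services named in the article.
# Assumption: illustrative, not an exhaustive list of either service's endpoints.
DIRECT_DOWNLOAD_HOSTS = {
    "dl.dropboxusercontent.com",
    "www.dropbox.com",
    "drive.google.com",
    "drive.usercontent.google.com",
}

# Extensions that commonly carry a dropper or a next-stage payload.
PAYLOAD_EXTENSIONS = (".exe", ".dll", ".iso", ".img", ".lnk", ".zip", ".hta", ".js", ".html")

# Content types a proxy typically records for executable or archive downloads.
BINARY_CONTENT_TYPES = {
    "application/octet-stream",
    "application/x-msdownload",
    "application/x-iso9660-image",
    "application/zip",
}

# Constructed proxy log format (an assumption for this example):
# <timestamp> <client_ip> <method> <url> <status> <bytes> <content_type> "<user_agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) (?P<bytes>\d+) (?P<ctype>\S+) "(?P<ua>[^"]*)"$'
)

# Constructed sample lines: one user browsing a share page, then fetching an
# HTML file and a binary blob, then a blob fetched with no browser user agent,
# plus two benign lines from another client.
SAMPLE_LOG = """\
2022-05-20T09:12:01Z 10.1.4.23 GET https://www.dropbox.com/s/abc123/minutes.pdf?dl=0 200 48213 text/html "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/101.0"
2022-05-20T09:12:44Z 10.1.4.23 GET https://dl.dropboxusercontent.com/s/abc123/agenda.html?dl=1 200 221984 text/html "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/101.0"
2022-05-20T09:13:10Z 10.1.4.23 GET https://drive.google.com/uc?export=download&id=1AbCdEf 200 1048576 application/octet-stream "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/101.0"
2022-05-20T09:15:02Z 10.1.4.23 GET https://drive.google.com/uc?export=download&id=9ZyXwV 200 302592 application/octet-stream "-"
2022-05-20T09:16:30Z 10.1.4.57 GET https://dl.dropboxusercontent.com/s/q7r8/quarterly.pdf 200 90112 application/pdf "Mozilla/5.0 (Macintosh; Intel Mac OS X 12_3) Safari/605.1"
2022-05-20T09:17:05Z 10.1.4.57 GET https://www.google.com/search?q=dropbox 200 15000 text/html "Mozilla/5.0 (Macintosh; Intel Mac OS X 12_3) Safari/605.1"
"""


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_direct_download(url):
    """True if the URL is a raw-file fetch from Dropbox or Google Drive,
    as opposed to a browsable share page on the same service."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host not in DIRECT_DOWNLOAD_HOSTS:
        return False
    qs = parse_qs(parts.query)
    if host == "dl.dropboxusercontent.com":
        return True                        # this host only serves file content
    if host == "www.dropbox.com":
        return qs.get("dl") == ["1"]       # share link forced to download
    if host == "drive.google.com":
        return parts.path.startswith("/uc") and qs.get("export") == ["download"]
    if host == "drive.usercontent.google.com":
        return parts.path.startswith("/download")
    return False


def indicators(rec):
    """List the reasons a parsed record looks like cloud-hosted payload delivery.
    An empty list means the line is not a direct download from either service."""
    if rec is None or not is_direct_download(rec["url"]):
        return []
    reasons = ["direct-download endpoint"]
    path = urlsplit(rec["url"]).path.lower()
    if path.endswith(PAYLOAD_EXTENSIONS):
        reasons.append("payload-like extension")
    if rec["ctype"].lower() in BINARY_CONTENT_TYPES:
        reasons.append("binary content-type")
    # Crude heuristic (assumption): interactive users almost always present a
    # browser User-Agent, while tooling that pulls a next stage often does not.
    if "Mozilla/" not in rec["ua"]:
        reasons.append("non-browser user agent")
    return reasons


def triage(lines):
    """Return (url, reasons) for lines that hit the endpoint check plus at least
    one more indicator, so a plain document opened in a browser is not flagged."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        reasons = indicators(rec)
        if len(reasons) >= 2:
            hits.append((rec["url"], reasons))
    return hits


if __name__ == "__main__":
    for url, reasons in triage(SAMPLE_LOG.splitlines()):
        print(url, "->", ", ".join(reasons))
```

On the constructed sample the HTML file from dl.dropboxusercontent.com and both octet-stream blobs from the Google Drive download endpoint are flagged, while the share-page visit and the PDF are not. The threshold of two indicators is a triage choice, not an alert rule: a user who legitimately downloads a ZIP from Dropbox will still be listed, which is the price of not relying on the hostname alone when the hostname is one millions of legitimate users contact daily.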
The findings also coincide with a new declaration from the Council of the European Union, calling out the spike in malicious cyber activities perpetrated by Russian threat actors and "Condemn[ing] this unacceptable behavior in cyberspace."
News URL
https://thehackernews.com/2022/07/russian-hackers-using-dropbox-and.html
Related news
- Google deactivates Russian AdSense accounts, sends final payments
- Russian-Linked Hackers Target Eastern European NGOs and Media
- Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware
- Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web
- Hacker locks Unicoin staff out of Google accounts for 4 days
- Russian laundering millions for Lazarus hackers arrested in Argentina
- Russian APT29 hackers use iOS, Chrome exploits created by spyware vendors
- Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack
- Russian military hackers linked to critical infrastructure attacks
- U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks