Ransomware access brokers use Google ads to breach your network
A threat actor tracked as DEV-0569 uses Google Ads in widespread, ongoing advertising campaigns to distribute malware, steal victims' passwords, and ultimately breach networks for ransomware attacks.
While there appear to be many threat actors abusing the Google Ads platform to distribute malware, two particular campaigns stand out, as their infrastructure was previously associated with ransomware attacks.
To make matters worse, Fernández discovered that a different but similar Google ads campaign was using infrastructure previously used by a threat group tracked as TA505, known to distribute the CLOP ransomware.
In this Google ads campaign, the threat actors distribute malware through websites pretending to be popular software, such as AnyDesk, Slack, Microsoft Teams, TeamViewer, LibreOffice, Adobe, and, strangely, websites for W-9 IRS forms.
While BleepingComputer did not contact Google regarding this article, we did contact them last week regarding a similar malware campaign distributed through Google ads.
The bad news is that the threat actors are constantly launching new ad campaigns and new sites, making it a giant game of whack-a-mole, and it doesn't feel like Google is winning.