CyberScoop reports that Russian state-backed hacking group APT29 also known as Nobelium, Cozy Bear, or Cloaked Ursa behind the widespread SolarWinds hack has been leveraging cloud storage services such as Google Drive and Dropbox for malware distribution in spear-phishing attacks that began in early May.
Such cloud storage services have been used by APT29 as a means to evade detection, according to a report from Palo Alto Networks' Unit 42 threat intelligence team.
"This is a new tactic for this actor and one that proves challenging to detect due to the ubiquitous nature of these services and the fact that they are trusted by millions of customers worldwide. When the use of trusted services is combined with encryption, as we see here, it becomes extremely difficult for organizations to detect malicious activity in connection with the campaign," said researchers.
Both Google and Dropbox said that they are already acting to protect user accounts from potential APT29 compromise.
Cloud Security, Threat Management, Supply chain
Google Drive, Dropbox leveraged by SolarWinds hackers
Share
An In-Depth Guide to Cloud Security
Get essential knowledge and practical strategies to fortify your cloud security.
Related Events
Related Terms
BotnetCorruptionDarknetData MiningDeepfakeDenial of ServiceDistributed ScansDrive-by DownloadDumpSecGreynetGet daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds