Google Drive & Dropbox Targeted by Russian Hackers

A new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems has been attributed to the Russian state-sponsored hacking collective known as APT29.

In recent efforts targeting Western diplomatic stations and foreign embassies globally between early May and June 2022, the threat group APT29, also known as Cozy Bear or Nobelium, has embraced this new strategy. The phishing documents included a link to a malicious HTML file that was used as a dropper for other harmful files, including a Cobalt Strike payload, to enter the target network.

Google and Dropbox were alerted about the operation by Palo Alto Networks, and they took measures to restrict it. Organizations and governments have been cautioned by Unit 42 researchers to maintain a high state of alert. Organizations should pay close attention to their capacity to identify, inspect, and block undesirable traffic to legitimate cloud storage providers in light of APT29's new methods.

APT29, also known as Cozy Bear, Cloaked Ursa, or The Dukes, is a cyber espionage organization that seeks to gather information that supports Russia’s geopolitical goals. It also carried out the SolarWinds supply-chain hack, which resulted in the compromising of se

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents