1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • The SolarWinds hackers are back - and smuggling malware in Google

    From TechnologyDaily@1337:1/100 to All on Thu Jul 21 12:15:04 2022
    The SolarWinds hackers are back - and smuggling malware in Google Drive

    Date:
    Thu, 21 Jul 2022 10:54:03 +0000

    Description:
    APT29 is continuing to abuse legitimate services to disguise attacks.

    FULL STORY ======================================================================

    APT29, also known as Cozy Bear and Cloaked Ursa, is abusing cloud storage service Google Drive to distribute malware , researchers have warned.

    Earlier this week, Unit 42 (the cybersecurity arm of Palo Alto Networks) discovered that the group, allegedly backed by the Russian state, was using Google Drive to facilitate two campaigns targeting diplomats and embassies in Portugal and Brazil.

    This is a new tactic for this actor and one that proves challenging to detect due to the ubiquitous nature of these services and the fact that they are trusted by millions of customers worldwide, Unit 42 claims.

    When the use of trusted services is combined with encryption, as we see here, it becomes extremely difficult for organizations to detect malicious activity in connection with the campaign. Abusing legitimate tools

    As reported by TechCrunch , while this may be the first time APT29 has used Google Drive specifically, the group is no stranger to abusing legitimate web services for its nefarious deeds.

    In May this year, for example, the group used Dropbox as part of its command and control infrastructure, forcing the file-sharing company to shut down their accounts.

    Unit 42 has notified Google and Dropbox, both of which have reportedly taken action. So far, Google has not commented publicly on the findings.

    APT29 is an infamous threat actor in the cybersecurity world, perhaps best known for the SolarWinds attack . It was APT29 that used stolen Microsoft 365 credentials to compromise SolarWinds infrastructure, and later used the
    access to the network to poison a service update with malware. Read more

    Dangerous new malware dances past more than 50 antivirus services



    New analysis uncovers extensive SolarWinds attack infrastructure



    These are the best patch management services around

    That update ended up being installed on endpoints belonging to tens of thousands of companies, as well as American government institutions. It is generally considered one of the most devastating supply chain attacks of all time.

    According to TechCrunch , the EU foreign service also recently warned
    everyone of increasing activity by Russian hackers, especially since the invasion of Ukraine.

    This increase in malicious cyber activities, in the context of the war
    against Ukraine, creates unacceptable risks of spillover effects, misinterpretation and possible escalation, it said. Protect your endpoints with the best endpoint protection services out there

    Via TechCrunch



    ======================================================================
    Link to news story: https://www.techradar.com/news/the-solarwinds-hackers-are-back-and-smuggling-m alware-in-google-drive/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)