There is no doubt that online storage services are becoming increasingly essential to the management of day-to-day operations for organizations around the world. Among these services, the most used and popular ones are:-
Although these services are increasingly trusted by the general public, threat actors are exploiting that trust. By delivering attacks through this technology, they aim to make their activity far harder to detect and prevent.
Security researchers at Palo Alto Networks report that the latest attacks were carried out by the APT group tracked as APT29 (also known as Cozy Bear, Cloaked Ursa, and Nobelium).
APT29 is a Russian hacking group backed by the SVR (the Russian Foreign Intelligence Service) and operated by several secret government services.
Cloud services are nothing new to this group, which routinely abuses trusted, legitimate ones to complicate detection. In its two most recent campaigns, however, it used the Google Drive and Dropbox cloud storage services for the first time.
The inclusion of Google Drive in this APT's malware delivery process is particularly concerning given how ubiquitous the service is.
Unit 42 identified a new campaign against a NATO member country in Europe on May 24, 2022. Oddly, two emails were sent to the same target country several hours apart.
Both emails used the same lure document, Agenda.pdf, delivered as a link and purporting to be the agenda for a meeting with an ambassador to Portugal.
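The two traits described above (an external sender pointing the recipient at a document hosted on Google Drive or Dropbox, and the same lure name reaching one recipient twice within a few hours) are easy to express as a mail-log triage rule. The following is an added example written for this article, not code from Unit 42 or Palo Alto Networks. The pipe-separated log format, the recipient domain `example.gov.test`, the file IDs in the links and the messages themselves are all constructed for illustration; the list of cloud-storage hostnames is an assumption limited to the two services the article names.

```python
"""Triage mail events for document lures delivered through trusted cloud storage.

Added example, not from the original article. Log format is constructed:
one event per line, fields separated by '|':
    timestamp|sender|recipient|subject|body
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import urlparse
import re

# Assumed hostnames for the two services the article names (plus Dropbox's
# direct-download host). Extend for other file-sharing services as needed.
CLOUD_STORAGE_HOSTS = {
    "drive.google.com",
    "docs.google.com",
    "dropbox.com",
    "www.dropbox.com",
    "dl.dropboxusercontent.com",
}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# Document-style lure names mentioned in a body, e.g. "Agenda.pdf".
LURE_RE = re.compile(r"\b[\w-]+\.(?:pdf|docx?|xlsx?|zip|iso|lnk)\b", re.IGNORECASE)

# Constructed sample log: two external mails carrying the same lure via cloud
# storage hours apart, one internal mail, one external mail with no cloud link.
SAMPLE_LOG = """\
2022-05-24T08:02:11|press@example-embassy.test|analyst@example.gov.test|Meeting agenda|Please find the agenda (Agenda.pdf) here: https://drive.google.com/file/d/EXAMPLE_FILE_ID/view
2022-05-24T09:15:00|it@example.gov.test|analyst@example.gov.test|Patch notes|Internal notes: https://intranet.example.gov.test/notes/Patches.pdf
2022-05-24T13:41:05|events@example-embassy.test|analyst@example.gov.test|Agenda for Friday|Updated Agenda.pdf: https://www.dropbox.com/s/EXAMPLE_SHARE_ID/Agenda.pdf?dl=1
2022-05-25T10:00:00|vendor@example-vendor.test|finance@example.gov.test|Invoice|See Invoice.pdf on our portal https://portal.example-vendor.test/inv
"""


@dataclass
class MailEvent:
    ts: datetime
    sender: str
    recipient: str
    subject: str
    body: str


def parse_log(text: str) -> list:
    """Parse the constructed 'ts|sender|recipient|subject|body' lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sender, recipient, subject, body = line.split("|", 4)
        events.append(MailEvent(datetime.fromisoformat(ts), sender.lower(),
                                recipient.lower(), subject, body))
    return events


def cloud_storage_links(text: str) -> list:
    """Return every URL in text whose host is a known cloud-storage service."""
    hits = []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host in CLOUD_STORAGE_HOSTS:
            hits.append(url)
    return hits


def flag_events(events, internal_domain: str, window=timedelta(hours=6)) -> list:
    """Two checks drawn from the campaign description:
    1. external sender + cloud-storage link + document lure named in the body
    2. the same cloud-delivered lure reaching one recipient again inside `window`
    """
    alerts = []
    seen = defaultdict(list)  # (recipient, lure name) -> timestamps of prior hits
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.sender.rsplit("@", 1)[-1] == internal_domain:
            continue  # internal mail is out of scope for this rule
        links = cloud_storage_links(ev.body)
        lures = {m.lower() for m in LURE_RE.findall(ev.body)}
        if not (links and lures):
            continue
        alerts.append({"reason": "external_cloud_link", "recipient": ev.recipient,
                       "sender": ev.sender, "links": links, "lures": sorted(lures)})
        for lure in lures:
            prior = [t for t in seen[(ev.recipient, lure)] if ev.ts - t <= window]
            if prior:
                alerts.append({"reason": "repeated_lure", "recipient": ev.recipient,
                               "lure": lure, "count": len(prior) + 1})
            seen[(ev.recipient, lure)].append(ev.ts)
    return alerts


def analyze(log_text: str, internal_domain: str = "example.gov.test") -> list:
    """Parse a log and return the triage alerts it produces."""
    return flag_events(parse_log(log_text), internal_domain)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

The first rule deliberately requires both a cloud-storage link and a document-style name in the body, since links to these services are common in legitimate mail; the second rule only tracks lures that already passed the first, so a vendor mentioning its own invoice on its own portal produces nothing. Real deployments would feed this from the mail gateway's log export and tune the hostname set and window to the environment.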
During the year 2020, a large number of U.S. federal agencies were compromised as a result of the SolarWinds supply-chain attack, carried out by APT29.
At the end of July, the US Department of Justice, the latest US government body to disclose a breach, said that a number of US Attorney's offices had been breached during the global SolarWinds hacking campaign.
Since the SolarWinds supply-chain attack, APT29 has breached the networks of other companies as well, using stealthy malware that has allowed its campaigns to remain undetected for long periods. Its malware includes:-
In addition to targeted attacks on managed service providers (MSPs) and cloud service providers, the group has also targeted the IT supply chain.
Microsoft reported on the group's activity in October, revealing that it had compromised at least 14 companies since May 2021.
To mitigate this threat, cybersecurity analysts strongly recommend that all organizations apply the following mitigations:-