Cloud Cover: How Malicious Actors Are Leveraging Cloud Services

216.73.217.22

Cloud Cover: How Malicious Actors Are Leveraging Cloud Services

· Published 07/08/2024 11:18 · Modified 07/08/2024 11:37

Essential information

Published: 07/08/2024 11:18
Modified: 07/08/2024 11:37
Tags: 2024-08-07 birdyclient cloud espionage gogra grager graphite graphon moontag
Related entities: 2 vulnerabilities (cve), 20 observables, 1 intrusion sets (apt), 5 techniques (mitre), 8 malware, 4 others

Description

In recent times, there has been a notable rise in the exploitation of legitimate cloud services by threat actors, including nation-state groups. Attackers have realized the potential of these services to provide low-cost infrastructure, evading detection as communication to trusted platforms may not raise suspicion. Over the past few weeks, Symantec's Threat Hunter Team uncovered three espionage operations utilizing cloud services and discovered evidence of additional tools under development.

Related entities

External references

https://symantec-enterprise-blogs.security.com/threat-intelligence/cloud-espionage-attacks
https://otx.alienvault.com/pulse/66b3580bcb0f4106534933ef