Hackers Leveraging OneDrive Or Google Drive To Hide Malicious Traffic
Essential information
- Published
- 07/08/2024 16:11
- Modified
- 07/08/2024 16:37
- Tags
- 2024-08-07 api backdoor cloud espionage exfiltration gogra moontag onedrivetools trojan.grager whipweave
- Related entities
- 20 observables, 1 intrusion sets (apt), 10 techniques (mitre), 5 malware
Description
Cyber threat actors, including nation-state groups, are utilizing legitimate cloud services like Microsoft OneDrive and Google Drive for covert operations. These services evade detection by masquerading as trusted entities, enabling data exfiltration and tool deployment. A new Go-based backdoor, GoGra, employed the Microsoft Graph API for command and control against a South Asian media organization. The Firefly group used a custom Python wrapper for a Google Drive client to exfiltrate sensitive data from a Southeast Asian military. Other malware families like Trojan.Grager, MoonTag, and OneDriveTools also leveraged cloud services for command and control infrastructure.