Cloud Cover: How Malicious Actors Are Leveraging Cloud Services
Aug. 7, 2024, 11:37 a.m.
Description
Exploitation of legitimate cloud services by threat actors, including nation-state groups, has risen notably in recent times. Attackers have realized that these services can provide low-cost infrastructure and help them evade detection, since communication with trusted platforms may not raise suspicion. Over the past few weeks, Symantec's Threat Hunter Team uncovered three espionage operations utilizing cloud services and discovered evidence of additional tools under development.
Date
Published: Aug. 7, 2024, 11:18 a.m.
Created: Aug. 7, 2024, 11:18 a.m.
Modified: Aug. 7, 2024, 11:37 a.m.
Indicators
Attack Patterns
Backdoor.Graphican
OneDriveTools
Grager
MoonTag
GoGra
BirdyClient
Graphon
Graphite
Harvester
T1585
T1608.002
T1567.002
T1608.001
T1059
CVE-2024-21893
CVE-2024-21887
Additional Information
Virgin Islands, U.S.
Hong Kong
Taiwan
Ukraine