Cloud Cover: How Malicious Actors Are Leveraging Cloud Services
Aug. 7, 2024, 11:37 a.m.
Description
Threat actors, including nation-state groups, are increasingly exploiting legitimate cloud services. Attackers have realized that these services provide low-cost infrastructure and help them evade detection, since communication with trusted platforms may not raise suspicion. Over the past few weeks, Symantec's Threat Hunter Team uncovered three espionage operations utilizing cloud services and discovered evidence of additional tools under development.
Tags
Date
- Created: Aug. 7, 2024, 11:18 a.m.
- Published: Aug. 7, 2024, 11:18 a.m.
- Modified: Aug. 7, 2024, 11:37 a.m.
Indicators
Attack Patterns
- Backdoor.Graphican
- OneDriveTools
- Grager
- MoonTag
- GoGra
- BirdyClient
- Graphon
- Graphite
- Harvester
- T1585
- T1608.002
- T1567.002
- T1608.001
- T1059
Additional Information
- Virgin Islands, U.S.
- Hong Kong
- Taiwan
- Ukraine