Research Saturday 10.8.22
Ep 253 | 10.8.22

Google Drive used for malware?

Show Notes

Jen Miller-Osborn from Palo Alto Networks' Unit 42 joins Dave to discuss their work on the Cloaked Ursa group, with a recent report released called "Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive." The research shares insights into an active campaign from Russia’s Foreign Intelligence Service, that is leveraging the use of trusted, legitimate cloud services including Google Drive as a staging platform to deliver malware.

The research states that when these tactics are used, it is extremely difficult for organizations to detect the malicious activity in connection with the campaign. These tactics are used to collect victim information, evade detection, and deliver Cobalt Strike.

The research can be found here: