Most recently, hackers sponsored by the Russian government working under APT29 have been conducting a phishing campaign with the help of tools such as Google Drive and Dropbox to deliver malicious payloads on unsecured systems. The APT29 group goes by other aliases, such as Cozy Bear, Cloaked Ursa, or The Dukes, intending to collect sensitive foreign information.
In a report, Palo Alto Networks states that "these campaigns are believed to have targeted several Western diplomatic missions between May and June 2022. The lures included in these campaigns suggest targeting a foreign embassy in Portugal and a foreign embassy in Brazil."
Cluster25 stated that "the campaigns and the payloads analyzed over time show a strong focus on operating under the radar and lowering the detection rates. In this regard, even legitimate services such as Trello and Dropbox suggest the adversary's will to operate for a long time within the victim environments remaining undetected."
Hungry for more? Join me each week, where I'll break down complex topics and dissect the latest news within the cybersecurity industry and blockchain ecosystem, simplifying the tech world.