According to recent reports, Russian hackers behind the infamous SolarWinds espionage campaign are now affecting Google Drive with malware to stealthily deliver the malicious code to their latest victims. As per the researchers at Palo Alto Networks’ Unit 42 threat intelligence team, the Russian Foreign Intelligence Service (SVR) hacking unit — tracked as “Cloaked Ursa” by Unit 42 but more commonly known as APT29 or Cozy Bear — has incorporated Google’s cloud storage service into its hacking campaigns to hide their malware and their activities.
Russian Hackers Have Been Targeting Diplomatic Missions and Foreign Embassies
Moreover, the Russian hackers, APT29 have employed this new tactic in recent campaigns targeting diplomatic missions and foreign embassies in Portugal and Brazil between early May and June 2022, according to Unit 42. “This is a new tactic for this actor and one that proves challenging to detect due to the ubiquitous nature of these services and the fact that they are trusted by millions of customers worldwide,” the researchers said. “When the use of trusted services is combined with encryption, as we see here, it becomes extremely difficult for organizations to detect malicious activity in connection with the campaign.”
Furthermore, while this is the first time the Russian hackers, APT29 have used Google Drive, it’s not the first time the group has abused legitimate web services. As documented by security giant Mandiant in May, these Russian hackers incorporated Dropbox as part of its command and control infrastructure in a campaign targeting diplomats and various government agencies. Unit 42 disclosed the activity to both Dropbox and Google, which took action.
Cybercriminals Group ‘Turla’ Has Also Been Targeting Ukrainians
Google’s Threat Analysis Group (TAG) also revealed on Tuesday that Russian hackers, Turla have been targeting Ukrainians via an app purportedly designed to carry out distributed denial of service (DDoS) attacks against Russia. The app, known as CyberAzov, promised to let users “help stop Russian aggression against Ukraine.”
Read more: Hacker Claims to Have Stolen Records of One Billion Chinese Citizens
