2022-07-26

Russia APT29 Leverages Online Storage Services

Level: 
Tactical
  |  Source: 
Palo Alto Unit42
Government
Share:

Russia APT29 Leverages Online Storage Services

Research from Palo Alto Unit42 have identified Russian threat actor APT29 incorporating online storage services such as DropBox and Google Drive into their cybercrime operations. In terms of TTPs, the utilization of Google Drive is new for APT29, "The ubiquitous nature of Google Drive cloud storage services – combined with the trust that millions of customers worldwide have in them – make their inclusion in this APT's malware delivery process exceptionally concerning." Foreign diplomatic missions have been the focus of the group for the past six months. Phishing campaigns from APT29 were observed to have initially leveraged DropBox dropping the EnvyScout malware through a malicious LNK file. The use of Google Drive was observed starting in May 2022, to download additional payloads into the target environment such as Cobalt Strike.

Get trending threats published weekly by the Anvilogic team.

Sign Up Now