Hackers Use Google Cloud Computing Platform To Deliver Target Malware Attacks Via PDF

Cybers Guards

Hackers have launched a worldwide malware campaign that abuses the Google Cloud computing platform to deliver malware via weaponized PDFs.
Security researchers at Netskope Threat Research Labs detected this malware attack, which mainly targets the banking and finance industries. Public firms have also been targeted worldwide.

A recent Netskope blog post written by Ashwin Vamshi states that “Netskope Threat Research Labs detected several targeted attacks on 42 clients, mainly in the banking and finance sectors. The threat actors involved in these attacks used the App Engine Google Cloud computing platform (GCP) to deliver malware through PDF decoys. After further research, we have confirmed evidence of these attacks against governments and financial firms worldwide.”

Netskope researchers have also found that the threat group ‘Cobalt Strike’ appears to be linked to several decoys.

The Netskope blog post explains that the hackers carried out the attack “… by abusing the GCP URL redirection in PDF decoys and redirecting to the malicious URL hosting the malicious payload.” It adds, “This targeted attack is more convincing than traditional attacks because the URL hosting the malware points the host URL to Google App Engine, giving the victim the belief that the file is delivered.”
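A triage check for the redirection pattern described above, as an added example that is not from the Netskope post or this article: it pulls link targets out of a PDF and flags any that sit on a trusted cloud host while carrying a URL to a different host in the query string. The host suffixes, the function names, and the sample link (including its path and parameter name) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: hosts a reader tends to trust on sight; adjust per environment.
TRUSTED_SUFFIXES = ("appengine.google.com", "appspot.com")
# Literal-string URI actions, e.g. /URI (https://example.org/a)
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")


def extract_uris(pdf_bytes):
    """Return URI action targets found in uncompressed PDF objects."""
    # re.sub drops the backslash from PDF string escapes such as \( and \)
    return [re.sub(rb"\\(.)", rb"\1", m.group(1)).decode("latin-1")
            for m in URI_RE.finditer(pdf_bytes)]


def parse(u):
    """Return (scheme, lowercase host, query); empty strings if u is malformed."""
    try:
        p = urlsplit(u)
        return p.scheme, (p.hostname or "").lower(), p.query
    except ValueError:
        return "", "", ""


def is_trusted(host):
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def redirect_target(url):
    """Return the URL embedded in a trusted-host link if it leads elsewhere."""
    _, host, query = parse(url)
    if not is_trusted(host):
        return None
    for _name, value in parse_qsl(query):  # values arrive percent-decoded
        scheme, inner_host, _ = parse(value)
        if scheme in ("http", "https") and inner_host and not is_trusted(inner_host):
            return value
    return None


def flag_pdf(pdf_bytes):
    """Return (link, embedded_target) pairs worth an analyst's attention."""
    pairs = ((u, redirect_target(u)) for u in extract_uris(pdf_bytes))
    return [(u, t) for u, t in pairs if t]


# Constructed sample: two link annotations as found in an uncompressed PDF.
SAMPLE = (b"<< /Subtype /Link /A << /S /URI /URI "
          b"(https://appengine.google.com/r?next=http://files.example.net/doc.bin) >> >>\n"
          b"<< /Subtype /Link /A << /S /URI /URI (https://www.example.org/help) >> >>\n")
```

Links stored inside compressed object streams are not visible to this byte scan, so decompress the PDF's streams before running it on real samples.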
