Hackers Use Google Cloud Computing Platform To Deliver Targeted Malware Attacks Via PDF
Hackers have launched a worldwide malware campaign that abuses the Google Cloud computing platform and is delivered via weaponized PDFs.
Security researchers at the Netskope Threat Research Labs have detected this malware attack, mainly targeting the banking and finance industries. Public firms have also been targeted worldwide.
A recent Netskope blog post written by Ashwin Vamshi states that “Netskope Threat Research Labs detected several targeted attacks on 42 clients, mainly in the banking and finance sectors. The threat actors involved in these attacks used the App Engine Google Cloud computing platform (GCP) to deliver malware through PDF decoys. After further research, we have confirmed evidence of these attacks against governments and financial firms worldwide.”
Netskope researchers have also found that the threat group ‘Cobalt Strike’ appears to be linked to several decoys.
The Netskope blog post explains that the hackers carried out the attack “… by abusing the GCP URL redirection in PDF decoys and redirecting to the malicious URL hosting the malicious payload.” It adds, “This targeted attack is more convincing than traditional attacks because the URL hosting the malware points the host URL to Google App Engine, giving the victim the belief that the file is delivered.
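A defender can look for the pattern described above by checking whether a PDF's links point at a trusted cloud host while carrying a second, off-host URL in the query string. The sketch below is an added example, not code from Netskope or from this article. The host list, the sample PDF, and every URL, path and parameter name in it are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: hosts a mail/web gateway would treat as trusted; adjust to local policy.
TRUSTED_SUFFIXES = ("appengine.google.com", "appspot.com")

# Uncompressed /URI (...) link actions; literal strings may contain escaped parens.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")

def extract_uris(pdf_bytes):
    """Return link targets from uncompressed /URI actions (compressed streams are not parsed)."""
    uris = []
    for m in URI_RE.finditer(pdf_bytes):
        raw = re.sub(rb"\\(.)", rb"\1", m.group(1))  # simplified: drop the escaping backslash
        uris.append(raw.decode("latin-1"))
    return uris

def is_trusted(host):
    host = (host or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def redirect_targets(url):
    """For a link on a trusted host, return absolute off-host URLs found in its query values."""
    parts = urlsplit(url)
    if not is_trusted(parts.hostname):
        return []
    hits = []
    for _name, value in parse_qsl(parts.query):  # parse_qsl percent-decodes the value
        inner = urlsplit(value)
        if inner.scheme in ("http", "https") and inner.hostname and not is_trusted(inner.hostname):
            hits.append(value)
    return hits

def scan_pdf(pdf_bytes):
    """Return (link, embedded destination) pairs worth an analyst's attention."""
    return [(u, t) for u in extract_uris(pdf_bytes) for t in redirect_targets(u)]

# Constructed sample: three link annotations, only the first embeds an off-host URL.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Subtype /Link /A << /S /URI /URI (https://appengine.google.com/"
    b"redirect?continue=https%3A%2F%2Fpayload.example.invalid%2Ffile) >> >> endobj\n"
    b"2 0 obj << /Subtype /Link /A << /S /URI "
    b"/URI (https://appengine.google.com/help?topic=billing) >> >> endobj\n"
    b"3 0 obj << /Subtype /Link /A << /S /URI "
    b"/URI (https://www.example.org/?next=https://other.example.invalid/) >> >> endobj\n"
)

if __name__ == "__main__":
    for link, dest in scan_pdf(SAMPLE_PDF):
        print("trusted-host link carries off-host destination:", dest)
```

Real documents often keep annotations in compressed object streams, so a production check would run a PDF parser first and feed the recovered link targets to `redirect_targets`.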