
Hackers Use Google Cloud Platform in Phishing Attacks

22 - 29 January 2019

Threat actors, probably from the financially motivated Cobalt Group, have been using Google Cloud Platform (GCP) to distribute malware to government and financial institutions worldwide. The attack starts with a phishing email containing a benign PDF attachment that has a URL pointing to the legitimate Google App Engine. Rather than keeping the user on GCP, a redirection mechanism in App Engine connects the user to the attacker-controlled domain and downloads a macro-embedded Word document. If the user opens the Word document and enables macros to view it, the initial payload is loaded and installed. The threat actors then use the initial access to load more scripts and tools for stealing information and to move laterally across the organisation's network. More than 42 companies have been targeted in this ongoing phishing campaign since January 2019.
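A mail-gateway style check for the delivery step described above, added here as an example and not taken from the report: it pulls link targets out of a PDF and flags those that point at App Engine while carrying an absolute URL to another host in the query string. The App Engine hostnames, the parameter names and the sample PDF bytes are assumptions constructed for illustration, and the scan only sees link annotations stored in uncompressed PDF objects.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: hostnames treated as Google App Engine front ends.
APP_ENGINE_HOSTS = ("appengine.google.com", "appspot.com")
# Matches /URI (...) action strings in uncompressed PDF objects.
URI_ACTION = re.compile(rb"/URI\s*\((.*?)(?<!\\)\)", re.S)

def is_app_engine(host):
    host = (host or "").lower()
    return any(host == h or host.endswith("." + h) for h in APP_ENGINE_HOSTS)

def extract_uris(pdf_bytes):
    """Return link targets from URI actions, with PDF string escapes undone."""
    return [re.sub(rb"\\([()\\])", rb"\1", raw).decode("latin-1")
            for raw in URI_ACTION.findall(pdf_bytes)]

def offsite_redirects(url):
    """List (parameter, host) pairs where an App Engine URL carries an
    absolute http(s) URL to a non-App-Engine host in its query string."""
    parts = urlsplit(url)
    if not is_app_engine(parts.hostname):
        return []
    hits = []
    for name, value in parse_qsl(parts.query):
        target = urlsplit(value)
        if (target.scheme in ("http", "https") and target.hostname
                and not is_app_engine(target.hostname)):
            hits.append((name, target.hostname.lower()))
    return hits

def scan_pdf(pdf_bytes):
    """Map each flagged link in the PDF to its off-site redirect targets."""
    findings = {}
    for url in extract_uris(pdf_bytes):
        hits = offsite_redirects(url)
        if hits:
            findings[url] = hits
    return findings

# Constructed sample: two link annotations; only the first carries a redirect.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI "
    b"(https://example-app.appspot.com/go?next=https%3A%2F%2Fdocs.example.net%2Fform.doc)"
    b" >> >> endobj\n"
    b"2 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI "
    b"(https://example-app.appspot.com/help?topic=billing) >> >> endobj\n"
)

if __name__ == "__main__":
    print(scan_pdf(SAMPLE_PDF))
```

A hit is a triage signal, not a verdict: the flagged target host still needs reputation and content checks before the message is blocked or released.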
 
 
 
 
