Google TAG closely tracks the activity of APT 29 and regularly exchanges information with other threat intelligence researchers, including Palo Alto Networks, according to Shane Huntley, senior director at Google TAG. Researchers said the data being collected during these campaigns include machine names, usernames and a list of running processes. “That means you can easily get Google accounts for free and use that to collect information and host malware.”
“Using Google Drive and Dropbox is a low-cost way to leverage trusted applications,” Unit 42 researchers said through a spokesperson. What stands out under this particular campaign is how the threat actor, which Unit 42 researchers call Cloaked Ursa, continues to innovate and find new ways to evade detection.
0 kommentar(er)
