Hackers are incorporating cloud services from Microsoft and Amazon into their campaigns to deliver several commodity remote access trojans (RATs), such as AsyncRAT, Netwire, and Nanocore, that gather confidential data from infected systems.
Researchers stated that the spear-phishing campaigns, which started in October last year, have targeted organisations based in Singapore, Canada, Italy, and the United States.
Utilising existing infrastructure to facilitate breaches is becoming part of a threat actor’s playbook. It removes the need to host their own servers and doubles as an obfuscation mechanism to avoid detection by AV solutions.
Social media and data-sharing websites, including popular cloud services, have become a widely used vector for spreading malware.
Recently, researchers have observed communication and collaboration tools such as Telegram, Discord, and Slack being used in many infection chains to exfiltrate data from the targets’ devices. The abuse of cloud services is a strategic extension of this trend, which threat actors use as a first phase in intruding into victim networks.
There are numerous aspects to this attack, and they reflect the techniques experts commonly observe hackers using and abusing.
Researchers also noted that hackers use cloud services to host malware and abuse dynamic DNS for command-and-control (C2). Moreover, the layers of obfuscation point to a steady evolution of cybercriminal tradecraft: it takes analysts considerable effort to peel back each layer and reach the final payload of the attack.
They also explained that these campaigns start with an invoice-themed phishing email carrying a ZIP file attachment that, if opened by a target, triggers an attack chain that downloads next-stage droppers hosted on an Azure Cloud-based Windows server or an AWS EC2 instance.
If the threat actors’ phishing attempt succeeds, deployment of multiple malware families begins, and RATs such as Nanocore, Netwire, and AsyncRAT are then delivered to the infected system.
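As an added example (not from the article or the researchers it cites), the following Python sketch shows how a defender might correlate the chain described above in endpoint telemetry: a ZIP mail attachment followed within a short window by a script or executable download from an Azure or EC2 compute hostname, plus DNS lookups for free dynamic-DNS domains of the kind often used for C2. The log format, the event names, the dynamic-DNS provider list, the stager file extensions and the cloud hostname patterns are all assumptions chosen for illustration, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample telemetry (not from the article or the underlying research).
# Each line carries an ISO timestamp, the endpoint name, an event type and one detail field.
SAMPLE_EVENTS = [
    "2021-10-12T09:01:05Z host=WS-042 type=mail_attachment detail=Invoice_4471.zip",
    "2021-10-12T09:03:40Z host=WS-042 type=http_download detail=http://ec2-203-0-113-25.us-east-2.compute.amazonaws.com/inv/Invoice.js",
    "2021-10-12T09:05:12Z host=WS-042 type=dns_query detail=svc-updater.duckdns.org",
    "2021-10-12T10:15:00Z host=WS-017 type=http_download detail=https://www.example.com/quarterly_report.pdf",
    "2021-10-12T11:00:00Z host=WS-017 type=mail_attachment detail=team_photos.zip",
    # Same host, but the download comes 2.5 hours after the ZIP: outside the correlation window.
    "2021-10-12T13:30:00Z host=WS-017 type=http_download detail=http://ec2-203-0-113-26.us-east-2.compute.amazonaws.com/setup.exe",
]

LINE_RE = re.compile(r"^(\S+) host=(\S+) type=(\S+) detail=(.+)$")

# Illustrative lists (assumption): widely used free dynamic-DNS providers, and the
# hostname shapes Azure and EC2 assign to customer-controlled compute instances.
DYN_DNS_SUFFIXES = ("duckdns.org", "no-ip.com", "ddns.net", "dyndns.org", "hopto.org")
CLOUD_HOST_PATTERNS = (
    re.compile(r"(^|\.)cloudapp\.azure\.com$"),
    re.compile(r"^ec2-\d+-\d+-\d+-\d+\.([a-z0-9-]+\.compute|compute-1)\.amazonaws\.com$"),
)
# File types a first-stage dropper is typically delivered as (assumption).
STAGER_EXTENSIONS = (".js", ".vbs", ".ps1", ".hta", ".exe", ".dll")


def is_dynamic_dns(fqdn):
    """True if the name is a provider apex or any subdomain of one (no substring matches)."""
    name = fqdn.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in DYN_DNS_SUFFIXES)


def is_cloud_compute_host(fqdn):
    """True if the name looks like an Azure cloudapp or EC2 public hostname."""
    name = fqdn.lower().rstrip(".")
    return any(p.search(name) for p in CLOUD_HOST_PATTERNS)


def parse_event(line):
    """Parse one telemetry line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, host, etype, detail = m.groups()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "host": host,
        "type": etype,
        "detail": detail,
    }


def correlate(lines, window_minutes=30):
    """Return (host, alert_name, evidence) tuples for the two behaviours described above.

    - cloud_hosted_stager_after_zip_lure: a script/executable fetched from a cloud compute
      hostname within `window_minutes` of a ZIP attachment arriving on the same endpoint.
    - dynamic_dns_c2_candidate: any DNS query for a dynamic-DNS provider domain.
    """
    events = [e for e in (parse_event(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])
    window = timedelta(minutes=window_minutes)
    last_zip = {}  # host -> timestamp of the most recent ZIP attachment seen
    alerts = []
    for e in events:
        if e["type"] == "mail_attachment" and e["detail"].lower().endswith(".zip"):
            last_zip[e["host"]] = e["ts"]
        elif e["type"] == "http_download":
            url = urlparse(e["detail"])
            if is_cloud_compute_host(url.hostname or "") and url.path.lower().endswith(STAGER_EXTENSIONS):
                seen = last_zip.get(e["host"])
                if seen is not None and e["ts"] - seen <= window:
                    alerts.append((e["host"], "cloud_hosted_stager_after_zip_lure", e["detail"]))
        elif e["type"] == "dns_query" and is_dynamic_dns(e["detail"]):
            alerts.append((e["host"], "dynamic_dns_c2_candidate", e["detail"]))
    return alerts


if __name__ == "__main__":
    for host, name, evidence in correlate(SAMPLE_EVENTS):
        print(f"{host}: {name} <- {evidence}")
```

Cloud compute hostnames and ZIP attachments are individually common in legitimate traffic, which is why the first rule only fires on the sequence (lure, then stager download from a compute host within the window) rather than on either event alone; the dynamic-DNS rule is lower-volume in most enterprises and can stand on its own as a hunting lead. Both lists should be treated as starting points to tune against an organisation's own baseline.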
Hackers have always been opportunistic. They look for new and innovative methods to host RATs and infect victims. Cloud services such as Discord and Slack will naturally continue to be abused if the problem is not addressed by experts.