The hackers behind the infamous SolarWinds breach of 2020 appear to be at it again, this time using Google Drive to both hide and deliver malware, reports TechCrunch.
The Russian Foreign Intelligence Service hacking branch, also known as APT29, appears to have used Google Drive to deliver malware to “diplomatic missions and foreign embassies in Portugal and Brazil.” While APT29 has reportedly used Dropbox for “command and control infrastructure” purposes in at least one notable campaign, this weaponization of Drive seems to be an escalation of the prior cloud storage usage.
Palo Alto Networks’ Unit 42, a threat intelligence group, suggests that this usage of cloud storage will make tracking APT29’s movements and operations extremely difficult, especially when combined with encryption.
This is concerning for a lot of reasons, a major one being the recent rise in malicious activity from Russia. Both Google’s Threat Analysis Group and the EU foreign service have reported increases in Russian hacking activity in various contexts, including an app targeting Ukrainians and malicious activity across Europe.
With this increase in malicious activity, anyone associated with or in charge of a possible target should be taking significant steps to shore up their cybersecurity protocols.
David Wolpoff, a cybersecurity expert and CTO of Randori, posits that the most important mindset is not establishing certainty that you or your network will never be compromised; it is ensuring that, when your network is inevitably compromised, the attack ultimately fails to achieve its primary goal.
“The way I judge these events is not by whether someone is hacked, but by how much effort the adversary needed to expend to turn a compromise into a meaningful breach,” says Wolpoff.
“These breaches are reminders that nobody is immune to risk or being hacked … every company is subject to the same reality: Compromise is inevitable.”
Google Drive is ubiquitous enough that one can expect to see this tactic reused, SolarWinds-style, sooner or later, and more likely sooner. As Wolpoff suggests, minimizing the damage attackers can do once they are inside, while brushing up on security literacy across your workplace, is the best use of your time for now.
Jack Lloyd has a BA in Creative Writing from Forest Grove's Pacific University; he spends his writing days using his degree to pursue semicolons, freelance writing and editing, Oxford commas, and enough coffee to kill a bear. His infatuation with rain is matched only by his dry sense of humor.
