Russian threat actors group dubbed Cozy Bear Aka APT29 or Cloaked Ursula is found spreading malware to government agencies and businesses through Google and Dropbox storage services.
Between May and June this year, the initial targets of APT29 were western diplomats and those leading foreign embassies. They were sent emails that mimicked content related to meetings with ambassador/s. But in reality, their intention was to drop malicious files into targeted networks via malware-laced emails.
Security researchers from Palo Alto Networks were the first to discover this malicious campaign, and they immediately alerted the tech giants who somehow blocked those campaigns when launched.
We all know that both these cloud-based data storage services are trusted by millions or even billions, and any sniff of such campaigns can easily raise concerns among their users, respectively.
Google released a special bulletin on this note and reiterated the fact that breaking its encryption algorithm when data is on the fly is extremely hard and next to impossible. It also ruled out the speculation that some of its backend servers were in control of the threat actors.
Dropbox is yet to react to the news and apparently might have got its own measures to neutralize such much-speculated campaigns.
Wilson Fleming, an ex-employee of Palo Alto Networks who is working as an independent security researcher nowadays, is recommending organizations choose a single service, instead of going for hybrid environments. Also, he is advising the users to go for the business version of such services as it gives them immense control and massively cuts down the risk of being attacked.
Ā
