I am starting a new project to track cloud-native threats, similarly to what I have done in 2020, with an interactive timeline. As soon as I collect more data I will start to generate some statistics. As usual the information is collected from open sources such as blogs, online news outlets, etc.
The campaigns are classified in four categories: Delivery and Exploitation (the cloud service is exploited to deliver a malware strain or a phishing page), Actions on Objective (the cloud service is exploited to steal data, or launch other attacks), Command and Control (the cloud service is exploited as a command and control infrastructure), and Data Exfiltration (the cloud service is used as a drop zone for the exfiltrated data).
Clicking on each box, whose logo shows the exploited service, opens a pop-up window with the details of the campaign, including the link to the orginal article (at the bottom of the window).
Of course if you have news of any similar campaign that I have omitted, feel free to let me know! And of course follow @paulsparrows on Twitter and LinkedIn for the latest updates.
Cloud Native Threats 2021
Date
Description
Link
Service
Type
Motivation
03/01/2021
Phishing on Firebase
Google Firebase
Delivery and Exploitation
Cyber Crime
04/01/2021
Researchers Disclose Details of FIN7 Hacking Group's Malware
Microsoft Sharepoint
Delivery and Exploitation
Cyber Crime
05/01/2021
Operation ElectroRAT: Attacker Creates Fake Companies to Drain Your Crypto Wallets
Pastebin
Command and Control
Cyber Crime
08/01/2021
A crypto-mining botnet is now stealing Docker and AWS credentials
AWS
Actions on Objective
Cyber Crime
12/01/2021
'Chimera' Threat Group Abuses Microsoft & Google Cloud Services
Microsoft Azure, Google App Engine
Command and Control
Cyber Espionage
12/01/2021
'Chimera' Threat Group Abuses Microsoft & Google Cloud Services
Microsoft OneDrive, Google Drive, Dropbox
Data Exfiltration
Cyber Espionage
12/01/2021
Coronavirus Screening and Testing Phishing Emails, and a Sense of Urgency Among Employees
Google Forms
Delivery and Exploitation
Cyber Crime
14/01/2021
The data of 35 million users from Juspay goes on sales in the dark web
AWS
Actions on Objective
Cyber Crime
14/01/2021
DHL Phishing on Google Firebase
Google Firebase
Delivery and Exploitation
Cyber Crime
14/01/2021
Winnti APT continues to target game developers in Russia and abroad
Microsoft Azure, Google Docs
Delivery and Exploitation/Command And Control
Cyber Espionage
15/01/2021
Mobile malware with command and control on Dropbox
Dropbox
Command and Control
Cyber Crime
19/01/2021
GuLoader Campaign in italy
Google Drive
Delivery and Exploitation
Cyber Crime
19/01/2021
Malwarebytes confirms that the threat actor behind the SolarWinds supply-chain attack were able to gain access to some company emails.
Microsoft Office 365 Suite
Actions on Objective
Cyber Espionage
19/01/2021
ShinyHunters share a database that he claims was stolen from Pixlr while he breached the 123rf stock photo site. Pixlr and 123rf are both owned by the same company, Inmagine.
AWS
Actions on Objective
Cyber Crime
20/01/2021
Thousands of BEC lures use Google Forms in recon campaign
Google Forms
Delivery and Exploitation
Cyber Crime
24/01/2021
The hacking group ShinyHunters leaks personal information of over 2 million MeetMindful users.
AWS
Actions on Objective
Cyber Crime
29/01/2021
Threat actors are sending phishing emails impersonating a Small Business Administration (SBA) lender
Microsoft Forms
Delivery and Exploitation
Cyber Crime
03/02/2021
New 'Hildegard' Malware Targets Kubernetes Systems
N/A
Actions on Objective
Cyber Crime
04/02/2021
A savvy phishing campaign manages to evade native Microsoft security defenses, looking to steal O365 credentials.
Google Firebase
Delivery and Exploitation
Cyber Crime
05/02/2021
Microsoft warns of increasing OAuth Office 365 phishing attacks
Microsoft Office 365 Suite
Actions on Objective
Cyber Crime
12/02/2021
New Bazar Trojan Variant is Being Spread in Recent Phishing Campaign
Google Drive
Delivery and Exploitation
Cyber Crime
16/02/2021
A malvertising group known as "ScamClub" exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent websites gift card scams.
AWS
Delivery and Exploitation
Cyber Crime
16/02/2021
Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware
AWS, Google Docs
Delivery and Exploitation
Cyber Crime
17/02/2021
Phishers tricking users via fake LinkedIn Private Shared Document
Google App Engine
Delivery and Exploitation
Cyber Crime
18/02/2021
Hackers abuse Google Apps Script to steal credit cards, bypass CSP
Google Apps Script
Delivery and Exploitation
Cyber Crime
18/02/2021
New Silver Sparrow adware targeting Apple M1 Processors
AWS
Command and Control
Cyber Crime
23/02/2021
10K Microsoft Email Users Hit in FedEx Phishing Attack
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
Pingback: Veille Cyber N319 – 25 janvier 2021 |