News Hackers Host Malicious payloads on Google Cloud Storage to Bypass Security System

Recently, malicious actors used Google Cloud Storage to host malicious payloads and breach organizations' networks by bypassing their security controls. Their main point of attack was Google Cloud Storage's service domain, [storage.googleapis.com], which is used by many companies all over the world.

This campaign mainly targeted employees of banks and other financial-sector services based in the US and UK, and it is speculated that the campaign has been in operation since August of this year. The attack began with emails that contained phishing links. These links all pointed to a malicious website hosted on Google Cloud. Researchers later found that over 4,600 phishing sites used legitimate hosting services. This is known as [reputation jacking], where a malicious site hides behind a legitimate and recognized hosting service.

The payloads themselves consisted of malicious obfuscated VBS scripts, which seemed to belong to the Houdini malware family. One file in particular, a JAR file [Swift invoice.har], belongs to the aforementioned malware family. Other JAR files are still being analyzed, and these may belong to the Qrat malware family.

  That was the news folks, have a good week, and stay safe out there. 

01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011
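
A defender-side check for the delivery pattern described above, as an added example that is not part of the original post: it extracts URLs from an email body and flags links to storage.googleapis.com, in either path-style or bucket-subdomain form, whose object name ends in one of the payload types the post names. The bucket name, file names and sample email are constructed, and the extension list is an assumption.

```python
import re
from urllib.parse import urlsplit, unquote

# Host taken from the post; the extension list is an assumption covering the
# payload types it names (VBS scripts and JAR files).
GCS_HOST = "storage.googleapis.com"
RISKY_EXTENSIONS = (".vbs", ".jar")
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)


def classify_url(url):
    """Return (bucket, object_name) for a GCS link to a risky file type, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")        # hostname is already lowercased
    path = unquote(parts.path).lstrip("/")           # decode %20 etc. before matching
    if host == GCS_HOST:                             # path-style: /bucket/object
        bucket, _, obj = path.partition("/")
    elif host.endswith("." + GCS_HOST):              # bucket.storage.googleapis.com/object
        bucket, obj = host[: -len(GCS_HOST) - 1], path
    else:
        return None                                  # includes look-alike hosts
    if obj.lower().endswith(RISKY_EXTENSIONS):       # query string is not part of path
        return bucket, obj
    return None


def scan_email_body(body):
    """Return a list of (url, bucket, object_name) for every flagged link."""
    hits = []
    for match in URL_RE.finditer(body):
        url = match.group(0).rstrip(".,;")           # drop sentence punctuation
        result = classify_url(url)
        if result:
            hits.append((url, *result))
    return hits


# Constructed sample email body (not real indicators).
SAMPLE_BODY = """Please review: https://storage.googleapis.com/example-bucket/payment%20advice.jar?alt=media
Mirror: http://example-bucket.storage.googleapis.com/docs/remittance.VBS.
Logo: https://storage.googleapis.com/example-bucket/logo.png
Other: https://storage.googleapis.com.example.test/update.jar
"""

if __name__ == "__main__":
    for url, bucket, obj in scan_email_body(SAMPLE_BODY):
        print(f"FLAG bucket={bucket!r} object={obj!r} url={url}")
```

Because the host itself has a good reputation, the check keys on the object's file type rather than on the domain; the look-alike host in the last sample line is ignored because it is not a Google Cloud Storage endpoint.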
