The exploitation of cloud services in global conflicts is a growing issue, with popular apps like Microsoft OneDrive being used for malicious purposes. State-sponsored threat actors, such as APT29, are taking advantage of cloud services like OneDrive and Dropbox for their command and control infrastructure. These services offer simplicity, flexibility, and established trust, making it easier to launch attacks and evade network security defenses. Recent campaigns have targeted foreign embassies and government entities in Europe with an interest in Ukraine. A new malware variant called GraphicalProton, which uses the Microsoft OneDrive and Dropbox APIs, has been used. Another threat group linked to the Russo-Ukrainian conflict has developed a malware framework called CommonMagic, which also leverages OneDrive and Dropbox for its command and control infrastructure. A separate APT group operating out of Ukraine has deployed the CloudWizard malware framework, which exploits not only OneDrive and Dropbox but also Google Drive. Organizations must adopt a new security posture to protect against the exploitation of cloud applications. This includes educating users on responsible use, inspecting all HTTP/HTTPS downloads, configuring policies to reduce risk, and ensuring all security defenses work together. The rise of state-sponsored actors using cloud services should serve as a warning for users to be vigilant in their digital interactions. #cloudsecurity #cyberthreats #stateactors #OneDrive #Dropbox

https://www.infosecurity-magazine.com/blogs/battling-exploitation-cloud/
