August 7, 2024 at 10:07PM
Symantec’s threat hunters have observed an increase in state-sponsored cyber spies and criminals using legitimate cloud services for attacking victims. The criminals are making use of platforms like Google Drive and Microsoft for free accounts, along with encryption to avoid detection. Symantec has identified several campaigns and published a list of indicators of compromise for network defenders.
From the provided meeting notes, I have extracted the following key takeaways:
1. Nation-state APT groups and cyber criminals are increasingly using legitimate cloud services for their attacks.
2. Symantec threat hunters have identified multiple operations, including data theft and development of new malware tools, by these groups.
3. The use of cloud services provides benefits to attackers, including zero infrastructure costs and encryption to avoid detection.
4. Specific campaigns were discussed, such as the Grager backdoor using Microsoft’s Graph API and the MoonTag backdoor in development.
5. Various malware tools, including Tonerjam, Sneaky SnakeKeylogger, and Onedrivetools, have been observed being utilized by these groups.
6. Symantec has published indicators of compromise and MITRE tactics to assist network defenders in identifying and mitigating these attacks.
Would you like more details on any specific aspect of the meeting notes?