August 7, 2024 at 10:07PM Symantec’s threat hunters have observed an increase in state-sponsored cyber spies and criminals using legitimate cloud services for attacking victims. The criminals are making use of platforms like Google Drive and Microsoft for free accounts, along with encryption to avoid detection. Symantec has identified several campaigns and published a list … Read more
June 12, 2024 at 06:16PM Symantec’s threat hunters suspect Black Basta ransomware gang exploited a Windows privilege escalation bug, CVE-2024-26169, before Microsoft’s patch. Symantec’s analysis suggests the ransomware could have been compiled pre-patch, allowing “at least one group” to exploit the vulnerability as a zero-day. The ransomware gang, tracked as Storm-1811, used social engineering attacks … Read more
May 2, 2024 at 06:08AM Nation-state espionage is increasingly using Microsoft’s services for their command-and-control needs, finding it more economical and effective than maintaining their own infrastructure. For example, Symantec discovered “BirdyClient,” a malware leveraging Microsoft Graph to operate through OneDrive. Multiple groups, including APT37 and Cozy Bear, have used this technique, requiring organizations to … Read more