CloudScout: Evasive Panda scouting cloud services. (www.welivesecurity.com)
from Dot@feddit.org to technology@lemmy.world on 29 Oct 08:13
https://feddit.org/post/4222107

Key points:

  • The CloudScout toolset was detected in Taiwan, between 2022 and 2023, in the network of a religious institution and at a government entity.
  • CloudScout utilizes stolen cookies, provided by MgBot plugins, to access and exfiltrate data stored at various cloud services.
  • We analyzed three CloudScout modules, which aim to steal data from Google Drive, Gmail, and Outlook. We believe that at least seven additional modules exist.
  • Hardcoded fields in CloudScout’s web requests for stealing Outlook email messages suggest that the samples involved were crafted to target Taiwanese users.
  • Each CloudScout module, programmed in C#, is deployed by an MgBot plugin, programmed in C++.
