CloudScout: Evasive Panda scouting cloud services.
(www.welivesecurity.com)
from Dot@feddit.org to technology@lemmy.world on 29 Oct 08:13
https://feddit.org/post/4222107
Key points:
- The CloudScout toolset was detected in Taiwan, between 2022 and 2023, in the network of a religious institution and at a government entity.
- CloudScout utilizes stolen cookies, provided by MgBot plugins, to access and exfiltrate data stored at various cloud services.
- We analyzed three CloudScout modules, which aim to steal data from Google Drive, Gmail, and Outlook. We believe that at least seven additional modules exist.
- Hardcoded fields in CloudScout’s web requests for stealing Outlook email messages suggest that the samples involved were crafted to target Taiwanese users.
- Each CloudScout module, programmed in C#, is deployed by an MgBot plugin, programmed in C++.