Russian malware is spreading around the world

A Russian hacker group has tried to break into cloud services.

The malware has been spread with a false event invitation. PDO

The information security company Palo Alto Networks informs about the attacks by the Russian group Cloaked Ursa, the aim of which was probably to steal data for use by the Russian intelligence service.

Palo Alto Networks tells, that a disguised intrusion attempt has targeted Google Drive and DropBox cloud services. Attempts have been made to break into these services using the Cobalt Strike software.

The company’s press release states that intrusion attempts have targeted the embassies of different countries located in Portugal and Brazil, for example.

In the attack, an attempt has been made to fish for data with a false event call, in which a malicious HTML file has been used. If the target opens the file, it enables the Cobalt Strike software to be used as a contaminant and allows the attacker to access the data.

– What makes an attack attempt particularly dangerous is its ability to disguise itself from security software. In particular, the targets of the Russian intelligence service in these attacks have been the embassies of NATO countries and the cloud services they use, the release states.

ttn-54