Hackers are using cloud infrastructure to drop spyware

 

A new hacking campaign is using cloud infrastructure to drop spyware.  The campaign aims to breach cloud storage providers such as Google Firebase and Microsoft. This hacking campaign is being launched by a threat actor known as WIP26. Hackers are targeting employees in companies such as Dropbox, sending them phishing links, and then waiting for them to open the links so that the malware can be dropped. WIP26 uses public cloud infrastructure to make malicious C2 network traffic look legitimate and make detection harder. So far, the hacking campaign has targeted mainly organizations in the Middle East.