State-sponsored hackers working for Russia’s Foreign Intelligence Service (SVR) have started using Google Drive, a legitimate and widely used cloud storage service, to avoid detection. By staging malware and tooling on, and exfiltrating data through, a service that millions of people trust, these Russian threat actors blend their traffic in with ordinary use of the service, which makes their attacks much harder to identify. The tactic was adopted by the threat group tracked as APT29 (also known as Cozy Bear or Nobelium) in recent attacks that targeted Western diplomatic missions and foreign embassies between May and June 2022. “We have discovered that their two most recent campaigns leveraged Google Drive cloud storage services for the first time. The ubiquitous nature of Google Drive cloud storage services…make their inclusion in this APT’s malware delivery process exceptionally concerning,” Unit 42 analysts stated.
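The article describes the problem (Drive traffic looks like everyone else's Drive traffic) but gives no detection guidance. The following is an added example, not code from the article or from Unit 42, of one heuristic a defender can run over proxy or EDR egress logs: flag Google Drive API traffic from processes that are not expected to use Drive on a managed endpoint, and flag hosts whose total upload volume to the Drive upload endpoint exceeds a baseline. The key=value log format, the process allowlist, the 50 MiB threshold and the log lines themselves are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample egress log (key=value style); not from the article.
# Line 3 onward shows a non-browser binary pulling a file down from Drive and
# then pushing ~80 MiB back up, which is the pattern the article warns about.
SAMPLE_LOG = """\
2022-06-01T10:00:01Z host=WS-12 user=alice proc=chrome.exe method=GET  url=https://www.googleapis.com/drive/v3/files bytes_out=412 bytes_in=20331
2022-06-01T10:00:05Z host=WS-12 user=alice proc=chrome.exe method=POST url=https://www.googleapis.com/upload/drive/v3/files bytes_out=1048576 bytes_in=512
2022-06-01T10:02:11Z host=WS-07 user=bob   proc=rundll32.exe method=GET  url=https://www.googleapis.com/drive/v3/files/1aBcD?alt=media bytes_out=300 bytes_in=245760
2022-06-01T10:02:40Z host=WS-07 user=bob   proc=rundll32.exe method=POST url=https://www.googleapis.com/upload/drive/v3/files?uploadType=multipart bytes_out=52428800 bytes_in=600
2022-06-01T10:03:00Z host=WS-07 user=bob   proc=rundll32.exe method=POST url=https://www.googleapis.com/upload/drive/v3/files?uploadType=multipart bytes_out=31457280 bytes_in=600
2022-06-01T10:05:00Z host=WS-03 user=carol proc=GoogleDriveFS.exe method=POST url=https://www.googleapis.com/upload/drive/v3/files bytes_out=73400320 bytes_in=700
"""

# Assumed allowlist of processes that legitimately talk to Drive on managed
# endpoints (browsers and the official Drive client). Tune per environment.
EXPECTED_DRIVE_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe", "googledrivefs.exe"}

# Assumed starting threshold: 50 MiB uploaded per host/process in the window
# being analysed. This must be baselined against normal usage before use.
UPLOAD_THRESHOLD_BYTES = 50 * 1024 * 1024

DRIVE_API_RE = re.compile(r"^https://(www\.)?googleapis\.com/(upload/)?drive/", re.I)
DRIVE_UPLOAD_RE = re.compile(r"^https://(www\.)?googleapis\.com/upload/drive/", re.I)
FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Parse one key=value log line into a dict; returns None for junk lines."""
    fields = dict(FIELD_RE.findall(line))
    if not {"host", "proc", "method", "url", "bytes_out"}.issubset(fields):
        return None
    fields["bytes_out"] = int(fields["bytes_out"])
    return fields


def analyze(log_text, allowlist=EXPECTED_DRIVE_PROCESSES, threshold=UPLOAD_THRESHOLD_BYTES):
    """Return a sorted list of (rule, host, proc, detail) findings.

    rule "unexpected_process": Drive API contacted by a process not on the allowlist.
    rule "large_upload": bytes sent to the Drive upload endpoint exceed the threshold.
    """
    upload_bytes = defaultdict(int)  # (host, proc) -> bytes sent to the upload endpoint
    unexpected = {}                  # (host, proc) -> first Drive URL seen from that process

    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not DRIVE_API_RE.match(rec["url"]):
            continue  # not Drive traffic, or unparseable
        key = (rec["host"], rec["proc"])
        if rec["proc"].lower() not in allowlist:
            unexpected.setdefault(key, rec["url"])
        # POST/PUT/PATCH to the upload endpoint is data leaving the host.
        if DRIVE_UPLOAD_RE.match(rec["url"]) and rec["method"] in {"POST", "PUT", "PATCH"}:
            upload_bytes[key] += rec["bytes_out"]

    findings = [("unexpected_process", host, proc, url)
                for (host, proc), url in unexpected.items()]
    findings += [("large_upload", host, proc, f"{total} bytes")
                 for (host, proc), total in upload_bytes.items() if total > threshold]
    return sorted(findings)


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(*finding)
```

Run against the sample, the rundll32.exe activity on WS-07 trips both rules, while WS-12's small browser upload trips neither. The official Drive client on WS-03 also trips the volume rule, which is the caveat a practitioner should expect: a raw byte threshold is only useful once baselined per host or user, and process names are easy for an implant to spoof or to inherit by injecting into a real browser. The heuristic is a triage aid, not a verdict; pair it with the provider's own audit logs and with an egress policy that restricts which Drive accounts the network may reach.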
When evaluating a Managed Detection & Response (MDR) service, there are 5 critical components that