Phishing Campaigns Exploit Google Cloud Projects

Two criminal groups discovered utilizing Google Cloud projects for malicious operations

Google Cloud Abused by Multiple Latin American Hacking Groups in Phishing Campaigns

According to Google’s biannual Threat Horizons Report, several hacking collectives, including FLUXROOT and PINEAPPLE, have been observed exploiting Google Cloud infrastructure for their malicious activities in Latin America.


FLUXROOT, for instance, orchestrated a phishing campaign aimed at stealing login credentials for Mercado Pago, a prominent online payments platform in the region. The threat actors utilized Google Cloud container URLs to host their phishing pages, leveraging the platform’s serverless architecture for flexibility and cost efficiency.

Meanwhile, PINEAPPLE employed compromised Google Cloud instances and created their own projects to distribute Astaroth (also known as Guildma), a well-known infostealer malware. This involved setting up container URLs on legitimate Google Cloud domains such as cloudfunctions.net and run.app, directing victims to malicious infrastructure.

Google responded swiftly by shutting down the malicious Google Cloud projects and updating its Safe Browsing list to mitigate further risks. The company emphasized that threat actors are increasingly exploiting serverless computing services across various cloud providers to evade detection and execute malicious activities.
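For defenders, the container URLs on cloudfunctions.net and run.app described above can be hunted in web proxy logs. The following is an added example, not taken from Google's report: the log format, the allowlist and every host name in the sample are constructed for illustration.

```python
from urllib.parse import urlsplit

# Serverless hosting suffixes named in the article.
SERVERLESS_SUFFIXES = ("cloudfunctions.net", "run.app")

# Constructed proxy log lines: timestamp user status url redirect_target
SAMPLE_LOG = """\
2024-07-22T10:01:03Z alice 200 https://billing-api-abc123-uc.a.run.app/health -
2024-07-22T10:04:41Z bob 302 https://us-central1-example-proj.cloudfunctions.net/doc https://files.example.invalid/invoice.zip
2024-07-22T10:05:10Z carol 200 https://login-xyz789-rj.a.run.app/signin -
2024-07-22T10:06:00Z dave 200 https://notrun.app/index.html -
2024-07-22T10:07:12Z erin 200 https://run.app.example.invalid/x -
"""

# Hypothetical allowlist: serverless hosts the organisation itself operates.
KNOWN_HOSTS = {"billing-api-abc123-uc.a.run.app"}


def serverless_host(url):
    """Return the normalised host if it sits under a serverless suffix, else None."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    for suffix in SERVERLESS_SUFFIXES:
        # Match on a label boundary so notrun.app and run.app.example.invalid are ignored.
        if host == suffix or host.endswith("." + suffix):
            return host
    return None


def hunt(log_text, known_hosts=KNOWN_HOSTS):
    """Return one finding per request to a serverless host that is not allowlisted."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, user, status, url, redirect = parts
        host = serverless_host(url)
        if host is None or host in known_hosts:
            continue
        # A 3xx that leaves the serverless domain fits the redirect pattern in the article.
        offsite = (status.startswith("3") and redirect != "-"
                   and serverless_host(redirect) is None)
        findings.append({"time": ts, "user": user, "host": host,
                         "reason": "redirect-offsite" if offsite else "unknown-host"})
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG):
        print(finding)
```

Because these domains also serve legitimate workloads, the findings are leads for review rather than verdicts; the allowlist is what keeps the volume manageable.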
