CyberScoop reports that APT29, the Russian state-backed hacking group also known as Nobelium, Cozy Bear, or Cloaked Ursa and the actor behind the widespread SolarWinds compromise, has been using cloud storage services such as Google Drive and Dropbox to distribute malware in spear-phishing campaigns that began in early May.
Such cloud storage services have been used by APT29 as a means to evade detection, according to a report from Palo Alto Networks' Unit 42 threat intelligence team.
"This is a new tactic for this actor and one that proves challenging to detect due to the ubiquitous nature of these services and the fact that they are trusted by millions of customers worldwide. When the use of trusted services is combined with encryption, as we see here, it becomes extremely difficult for organizations to detect malicious activity in connection with the campaign," said researchers.
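The detection problem the researchers describe is that the hosts are legitimate and the traffic is encrypted, so a plain allow/deny list on the domain is useless. The added example below (written for this page, not code from the article or from Unit 42's report) sketches the kind of triage heuristic a proxy or EDR analyst can run instead: it looks at downloads from consumer cloud-storage hosts and scores them on the URL shape (a direct-download link rather than a preview page), the response content type, and whether a browser made the request. The log format, sample lines, host list and URL patterns are all constructed assumptions for the demo and need tuning per environment; a hit is a lead to triage, not an alert on its own.

```python
"""Triage heuristic for payload downloads from consumer cloud-storage hosts.

Added example, not from the original article or Unit 42's report. The log
format (tab-separated: ts, src, url, content_type, user_agent), the sample
lines, the host list and the URL patterns are constructed assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

# Consumer cloud-storage hosts a non-browser process rarely needs to pull
# binaries from (assumption: adjust to what is normal in your environment).
CLOUD_STORAGE_HOSTS = {
    "drive.google.com",
    "drive.usercontent.google.com",
    "docs.google.com",
    "www.dropbox.com",
    "dl.dropboxusercontent.com",
}

# Content types that look like a delivered payload rather than a shared doc.
PAYLOAD_TYPES = {
    "application/octet-stream",
    "application/zip",
    "application/x-zip-compressed",
    "application/x-msdownload",
    "application/x-iso9660-image",
    "application/x-7z-compressed",
}


@dataclass
class Hit:
    ts: str
    src: str
    host: str
    url: str
    reasons: List[str]


def is_direct_download(url: str) -> bool:
    """True when the URL shape asks for the raw file, not a preview page."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query)
    host, path = parts.netloc, parts.path
    if host == "drive.google.com" and path == "/uc":
        return qs.get("export") == ["download"]
    if host == "drive.usercontent.google.com":
        return path.startswith("/download")
    if host.endswith("dropbox.com") and (path.startswith("/s/") or path.startswith("/scl/")):
        return qs.get("dl") == ["1"]
    return host == "dl.dropboxusercontent.com"


def flag_line(line: str) -> Optional[Hit]:
    """Score one proxy line; return a Hit when at least two signals fire."""
    ts, src, url, ctype, ua = line.rstrip("\n").split("\t")
    host = urlsplit(url).netloc
    if host not in CLOUD_STORAGE_HOSTS:
        return None
    reasons = []
    if is_direct_download(url):
        reasons.append("direct-download URL shape")
    if ctype.split(";")[0].strip().lower() in PAYLOAD_TYPES:
        reasons.append(f"payload content-type {ctype}")
    if not ua.startswith("Mozilla/"):
        reasons.append(f"non-browser user-agent {ua!r}")
    if len(reasons) < 2:
        return None
    return Hit(ts, src, host, url, reasons)


def hunt(lines) -> List[Hit]:
    """Run flag_line over an iterable of log lines, skipping blanks/comments."""
    hits = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        hit = flag_line(line)
        if hit:
            hits.append(hit)
    return hits


# Constructed sample proxy log (not real traffic): one Docs page view, one
# headless pull of a blob from Drive, one browser zip download from Dropbox,
# one unrelated host, and one plain-text fetch from Dropbox.
SAMPLE_LOG = ["\t".join(f) for f in [
    ("2022-05-03T09:12:01Z", "10.0.0.21", "https://docs.google.com/document/d/1abc/edit",
     "text/html", "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"),
    ("2022-05-03T09:14:44Z", "10.0.0.21", "https://drive.google.com/uc?export=download&id=1abc",
     "application/octet-stream", "-"),
    ("2022-05-03T09:20:10Z", "10.0.0.35", "https://www.dropbox.com/s/abcd/report.zip?dl=1",
     "application/zip", "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"),
    ("2022-05-03T09:21:00Z", "10.0.0.35", "https://example.com/uc?export=download",
     "application/octet-stream", "-"),
    ("2022-05-03T09:25:30Z", "10.0.0.40", "https://dl.dropboxusercontent.com/s/abcd/notes.txt",
     "text/plain", "Mozilla/5.0 (Macintosh)"),
]]

if __name__ == "__main__":
    for h in hunt(SAMPLE_LOG):
        print(h.ts, h.src, h.host, "; ".join(h.reasons))
```

The heuristic only works where the proxy terminates TLS or the telemetry comes from the endpoint itself; on an encrypted path you see the SNI/host and little else, which is precisely why a trusted storage domain plus encryption is hard to catch on the wire. The browser-driven zip download in the sample is deliberately kept as a hit to show that the second signal alone is noisy: real users share archives through these services, so the list is a queue for an analyst, and the process that made the request is the next thing to pivot on.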
Both Google and Dropbox said that they are already acting to protect user accounts from potential APT29 compromise.