In early 2023, the Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese government entity. The framework leverages three modules, CGM, CGN, and COL, to hijack web sessions and access cloud services like Google Drive, Gmail, and Outlook. By stealing cookies from a victim’s browser, CloudScout can bypass 2FA and IP tracking, enabling direct data retrieval from cloud storage. However, recent security measures like Device Bound Session Credentials and App-Bound Encryption could potentially mitigate the effectiveness of this technique.

[Figure: Compromise chain observed in the aforementioned network of a religious institution in Taiwan]

CloudScout, a malicious tool, was used in two cyberattacks targeting Taiwan.
Source: GBHackers