New Cyberattack Campaign Uses Public Cloud Infrastructure to Spread RATs

I’ve been asked whether the cloud can be weaponized, and what other concerns organizations should have about cloud security. The short answer is YES: cloud resources can be compromised and used by threat actors to deliver malware, and security concerns need to be treated the same as for any other IT resource. The cloud is not some magic fail-safe. I have heard leaders in organizations make statements like “we don’t worry about ransomware since our backups are in the cloud” or “we use (Amazon/Azure/Google), which has built-in security, so we just need to worry about our specific resources”. These statements lead to a false sense of security. Recently, Amazon experienced an outage in the North East, taking out everything from cloud-delivered XDR platforms to the cloud management system for my door lock. Organizations need to assess the people, process and technology of the cloud the same way they assess privately owned resources.

Darkreading just posted an article about a new attack campaign leveraging the cloud to deliver remote access tools. That article can be found HERE. Here is the first part of the article:

A recently discovered attack campaign uses public cloud infrastructure to deliver variants of commodity RATs Nanocore, Netwire, and AsyncRATs to target users’ data, researchers report.

This campaign, detected in October, underscores how attackers are increasing their use of cloud technologies to achieve their goals without having to host their own infrastructure, report the Cisco Talos researchers who observed it. It’s the latest example of adversaries using cloud services, such as Microsoft Azure and Amazon Web Services, to launch their attacks.

“These types of cloud services like Azure and AWS allow attackers to set up their infrastructure and connect to the internet with minimal time or monetary commitments,” researchers wrote in a blog post. The strategy has another benefit, they added: “It also makes it more difficult for defenders to track down the attackers’ operations.”

Most victims in this case are in the United States, Italy, and Singapore, Cisco Secure product telemetry indicates. The remote administration tools (RATs) they’re targeted with are built with multiple features to take control of an environment, remotely execute commands, and steal the target’s information.

