Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit
The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese government entity in early 2023. The framework uses three modules, CGM, CGN, and COL, to hijack web sessions and access cloud services such as Google Drive, Gmail, and Outlook.
By stealing cookies from a victim’s browser, CloudScout can bypass 2FA and IP tracking and enable direct data retrieval from cloud storage.
However, recent security measures such as Device Bound Session Credentials and App-Bound Encryption could reduce the effectiveness of this technique.
CloudScout, a malicious tool, was used in two cyberattacks targeting Taiwan. In 2022, it was deployed to a religious institution’s network via MgBot, a botnet, while in 2023, it was found in a suspected government entity’s systems alongside the Nightdoor implant.
Copyright of this story solely belongs to gbhackers.