DarkHydrus Hackers Use Google Drive in Recent Attacks

silversurfer

Thread author
The DarkHydrus threat group has added new functionality to the payloads used in recent attacks and is also leveraging Google Drive for command and control (C&C) purposes, Palo Alto Networks security researchers say.

Initially detailed in the summer of 2018, when it was using open-source tools in attacks targeting government entities in the Middle East, the group was also registering typosquatting domains for security or technology vendors and leveraging novel file types as anti-analysis techniques.

The security researchers collected a total of three DarkHydrus delivery documents that were delivering a new variant of the group’s RogueRobin Trojan. None of these macro-enabled Excel documents contained instructions for the intended victims to enable the macros, but such instructions might have been provided at delivery.

Palo Alto Networks’ researchers couldn’t establish how the documents were delivered or when they were used in attacks, but they believe DarkHydrus created these documents in December 2018 and January 2019.
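The delivery documents described above were macro-enabled Excel workbooks. As an added example that is not part of the original post or of Palo Alto Networks' research, the following Python script shows one check a defender can run on such a file: open it as the OOXML zip container it really is, and look for an embedded VBA project and the macro-enabled content type, instead of trusting the file extension (which an attacker can change). The sample workbook bytes are constructed in memory; the part name `xl/vbaProject.bin` and the content-type strings are the ones the OOXML format itself defines, and the OLE header bytes in the fake VBA part are a placeholder.

```python
"""Flag macro-enabled OOXML workbooks by inspecting the zip container.

Added example (not from the original post). It assumes the documents are
OOXML (.xlsm-style) packages; the sample files below are constructed in memory.
"""
import io
import xml.etree.ElementTree as ET
import zipfile

# Part and content types defined by the OOXML format for Excel workbooks.
VBA_PART = "xl/vbaProject.bin"
MACRO_CT = "application/vnd.ms-excel.sheet.macroEnabled.main+xml"
PLAIN_CT = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"
CT_NS = "{http://schemas.openxmlformats.org/package/2006/content-types}"


def build_workbook(macro: bool) -> bytes:
    """Construct a minimal OOXML zip; with macro=True it carries a VBA project part."""
    workbook_ct = MACRO_CT if macro else PLAIN_CT
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/xl/workbook.xml" ContentType="{workbook_ct}"/>'
        + ('<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
           if macro else "")
        + "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("xl/workbook.xml", "<workbook/>")
        if macro:
            # Placeholder bytes: a real vbaProject.bin is an OLE compound file.
            z.writestr(VBA_PART, b"\xd0\xcf\x11\xe0" + b"\x00" * 16)
    return buf.getvalue()


def inspect_workbook(data: bytes) -> dict:
    """Report what the bytes actually are, independent of any file extension."""
    result = {"ooxml": False, "vba_part": False, "macro_content_type": False}
    try:
        z = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Not a zip container at all: legacy .xls (OLE), a renamed binary, etc.
        return result
    with z:
        names = set(z.namelist())
        result["ooxml"] = "[Content_Types].xml" in names
        if not result["ooxml"]:
            return result
        # Check 1: the VBA project part is physically present in the package.
        result["vba_part"] = VBA_PART in names
        # Check 2: the package declares itself a macro-enabled workbook.
        root = ET.fromstring(z.read("[Content_Types].xml"))
        for override in root.iter(CT_NS + "Override"):
            if override.get("ContentType") == MACRO_CT:
                result["macro_content_type"] = True
    return result


def is_macro_enabled(data: bytes) -> bool:
    """Either signal is enough to treat the document as macro-carrying."""
    r = inspect_workbook(data)
    return r["vba_part"] or r["macro_content_type"]


if __name__ == "__main__":
    for label, blob in (("macro workbook", build_workbook(True)),
                        ("plain workbook", build_workbook(False)),
                        ("not a zip", b"not an office document")):
        print(f"{label}: {inspect_workbook(blob)} -> macro={is_macro_enabled(blob)}")
```

Checking for the VBA part and for the declared content type separately matters in triage: a package whose `[Content_Types].xml` claims to be a plain workbook but still ships `xl/vbaProject.bin` is exactly the kind of mismatch worth flagging.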