It seems that one or two Trojans aren't enough for your average cyberattacker.
A recent campaign leveraging public cloud infrastructure is deploying not one, but three commercial Remote Access Trojans (RATs).
Nanocore, Netwire, and AsyncRAT payloads are being deployed from public cloud systems in what Cisco Talos suggests is a way for cyberattackers to avoid having to own or manage their own private, paid infrastructure -- such as through
'bulletproof' hosting which may eventually capture the interest of law enforcement.
This abuse allows cybercriminals to leverage the resources of cloud services managed by vendors including Microsoft Azure and Amazon Web Services (AWS) for malicious purposes.
"These types of cloud services like Azure and AWS allow attackers to set up their infrastructure and connect to the internet with minimal time or monetary commitments," Talos says. "It also makes it more difficult for defenders to track down the attackers' operations."