Priya Patel
TLDR:
- FLUXROOT and PINEAPPLE hacker groups are abusing Google Cloud for credential phishing.
- Google Cloud serverless projects are being used to orchestrate credential phishing activity.
In a recent report, FLUXROOT and PINEAPPLE hacker groups have been identified as using Google Cloud serverless projects to conduct credential phishing attacks. The FLUXROOT group, based in Latin America, used Google Cloud container URLs to host credential phishing pages aimed at harvesting login information from users of the Mercado Pago online payments platform. This is part of a larger trend of threat actors leveraging serverless computing services for malicious activities.
Google has taken steps to mitigate these activities by removing malicious projects and updating their Safe Browsing lists. However, the weaponization of cloud services by threat actors poses a significant challenge for detection and mitigation efforts. The flexibility and ease of deployment of serverless platforms make it easier for threat actors to distribute malware and host phishing pages, making it harder for defenders to detect and respond to these attacks.
Overall, the abuse of cloud services for malicious purposes highlights the need for enhanced security measures and vigilance in the face of evolving cyber threats.
