Russian hackers exploit Cloudflare’s tunneling service to drop GammaDrop malware

In a new campaign, a Russian-backed advanced persistent threat (APT) group appears to be abusing Cloudflare’s infrastructure to deliver the GammaLoad malware.

The threat actor, tracked as BlueAlpha, was observed by the cybersecurity research firm Insikt Group using this legitimate tunneling service to support data theft, credential theft, and persistent access to compromised networks.

“BlueAlpha uses Cloudflare Tunnels to hide the infrastructure of the GammaDrop platform, avoiding traditional network detection methods,” Insikt researchers said in their report. “The group delivers the malware through HTML smuggling, using sophisticated methods to bypass email security systems.”
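The HTML smuggling technique mentioned in the report works by having an HTML attachment rebuild a file inside the recipient's browser and force a download, so the payload never crosses the mail gateway as an attachment. The following is an added example of a simple attachment triage check, not code from the report or from Insikt Group; the sample HTML documents are constructed for illustration and do not come from the BlueAlpha campaign.

```python
import re

# Constructed sample: an HTML attachment that rebuilds a file in the browser and
# forces a download (the HTML smuggling pattern). Assumption: this is a generic
# illustration, not a sample from the BlueAlpha campaign.
SMUGGLED_HTML = """<html><body><p>Loading document...</p>
<script>
var raw = atob("UEsDBAoAAAAAAAAAAABBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWg==");
var blob = new Blob([raw], {type: "application/octet-stream"});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = "invoice.zip";
a.click();
</script></body></html>"""

# Constructed benign attachment with no client-side file reconstruction.
PLAIN_HTML = "<html><body><p>The quarterly report is attached separately.</p></body></html>"

# Each regex captures one building block of a smuggling chain; no single match is
# conclusive, but several together in an email attachment are worth triage.
INDICATORS = {
    "decodes_base64": re.compile(r"\batob\s*\("),
    "builds_blob": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"\bURL\.createObjectURL\s*\("),
    "forces_download": re.compile(r"\.download\s*=|msSaveOrOpenBlob"),
    "auto_click": re.compile(r"\.click\s*\(\s*\)"),
}
BASE64_LITERAL = re.compile(r'"([A-Za-z0-9+/]{32,}={0,2})"')
DOWNLOAD_NAME = re.compile(r'\.download\s*=\s*"([^"]+)"')


def score_html(html: str) -> dict:
    """Return matched indicators, embedded-literal size, download name and a verdict."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(html)]
    literal_len = max((len(m) for m in BASE64_LITERAL.findall(html)), default=0)
    name = DOWNLOAD_NAME.search(html)
    # Verdict: a reconstruction step combined with a delivery step, or three
    # indicators overall, marks the attachment for analyst review.
    reconstructs = "decodes_base64" in hits or "builds_blob" in hits
    delivers = "forces_download" in hits or "auto_click" in hits
    return {
        "hits": hits,
        "embedded_literal_len": literal_len,
        "download_name": name.group(1) if name else None,
        "suspicious": (reconstructs and delivers) or len(hits) >= 3,
    }


if __name__ == "__main__":
    for label, doc in (("smuggled", SMUGGLED_HTML), ("plain", PLAIN_HTML)):
        print(label, score_html(doc))
```

Run against an HTML attachment pulled from mail-gateway quarantine; a result with `suspicious` set and a non-empty `download_name` is a candidate for detonation rather than automatic release.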
