Google Drive Used For Phishing Attacks

Cybercriminals are now exploiting trusted platforms like Google Drive to launch phishing attacks and distribute malware—threats that can directly impact HR teams and recruitment processes.

Overview

A sophisticated attack campaign, attributed to the threat actor APT-C-60, has been targeting organizations in Japan and other East Asian countries since August 2024. The attackers use social engineering tactics, specifically phishing emails disguised as job applications, to infiltrate corporate networks.

How It Happens

- Version Exploitation: Attackers replace legitimate Google Drive files with malicious versions, retaining the same link and metadata to deceive users.
- Malicious Link Sharing: Phishing links embedded in emails use Google Drive’s trustworthiness to bypass security filters.
- Limited Logging: Free Google Workspace accounts lack robust activity logs, hindering detection and investigation of malicious activity.
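
Because a file can be replaced behind an unchanged link, a scan verdict cached per URL goes stale. The sketch below is an added example, not code from the original article: a link checker that pins each verdict to the SHA-256 of the bytes it scanned and re-checks at click time. The fetch and scan callables, the URL and the marker string are constructed stand-ins for a real downloader and malware scanner.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Verdict:
    sha256: str  # hash of the bytes that were actually scanned
    clean: bool


class PinnedLinkScanner:
    """Caches scan verdicts per link, pinned to the content hash."""

    def __init__(self, fetch, scan):
        self.fetch = fetch  # assumed: callable(url) -> bytes
        self.scan = scan    # assumed: callable(bytes) -> True if clean
        self.cache = {}     # url -> Verdict
        self.alerts = []    # (url, old_hash, new_hash) for swapped content

    def check(self, url):
        """Return True if the content currently behind url is clean."""
        data = self.fetch(url)
        digest = hashlib.sha256(data).hexdigest()
        cached = self.cache.get(url)
        if cached and cached.sha256 == digest:
            return cached.clean  # same bytes as last scan: reuse verdict
        if cached:
            # Same link, different bytes: the file was replaced after the scan.
            self.alerts.append((url, cached.sha256, digest))
        verdict = Verdict(digest, self.scan(data))
        self.cache[url] = verdict
        return verdict.clean


def demo():
    # Constructed sample data: a placeholder link whose content is swapped.
    url = "https://drive.example/file/d/CONSTRUCTED_ID/view"
    store = {url: b"Resume of a job applicant (benign text)"}
    scanner = PinnedLinkScanner(
        fetch=lambda u: store[u],
        scan=lambda d: b"MALICIOUS-TEST-MARKER" not in d,  # scanner stand-in
    )
    at_delivery = scanner.check(url)  # verdict when the email arrives
    store[url] = b"MALICIOUS-TEST-MARKER payload stand-in"  # file replaced
    at_click = scanner.check(url)     # verdict when the user opens the link
    return at_delivery, at_click, len(scanner.alerts)


if __name__ == "__main__":
    print(demo())
```

A checker that keyed its cache on the URL alone would have returned the delivery-time verdict for the second call.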

Implications

The use of trusted platforms like Google Drive and Bitbucket helps the attackers bypass traditional security measures. This campaign poses significant risks, including unauthorized access to sensitive data, disruption of services, and potential long-term persistence within the network.

For HR teams and recruiters, the consequences of such attacks can be significant:
- Data Exfiltration: Malicious actors could use these tactics to steal sensitive data, including employee records, resumes, and confidential company information.
- Credential Harvesting: Phishing attacks often aim to collect HR login credentials, granting attackers access to sensitive recruitment tools and systems.
- Operational and Financial Damage: Malware like ransomware could disrupt operations, incur recovery costs, and even lead to financial loss due to downtime.
- Damage to Trust and Reputation: If compromised, HR teams could unknowingly propagate malicious links to candidates and employees, damaging the organization’s reputation and relationships.

Final Thoughts

This incident underscores the importance of being cautious with unsolicited emails and links, even from seemingly legitimate sources. Organizations should:
- Educate: Train their teams to identify phishing emails and verify links.
- Enhance Security: Implement tools that scan shared links for malware.
- Limit Access: Enforce strict data-sharing permissions.
- Monitor Activity: Keep an eye on anomalies in file sharing or downloads.



Stay safe, stay ahead! 🔒