Research by Unit 42 revealed that APT29, aka Nobelium and Cozy Bear, has resorted to leveraging cloud storage services, including Google Drive, to attack multiple Western diplomatic missions. Phishing messages within included a link to a malicious HTML file, EnvyScout, that acts as a dropper to secondary malware, such as Cobalt Strike.
Support the originator by clicking the read the rest link below.