Google Drive And Dropbox Used By APT29 To Deliver Malicious Payloads
Organizations around the world rely on the use of trusted, reliable online storage services - such as DropBox and Google Drive - to conduct day-to-day operations.
However, Palo Alto's latest research shows that threat actors are finding ways to take advantage of that trust to make their attacks extremely difficult to detect and prevent.
The latest campaigns conducted by an advanced persistent threat (APT) that is tracked by Palo Alto as Cloaked Ursa (also known as APT29, Nobelium or Cozy Bear) demonstrate sophistication and the ability to rapidly integrate popular cloud storage services to avoid detection.
Featured Resources
View More Resources
CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover
CVE-2026-26117 lets attackers hijack Azure Arc on Windows, escalate to SYSTEM, and seize the machine’s cloud identity.
Exposure Validation Demo
Demo of automated offensive simulations validating detection, prevention, and IOC coverage
Validate What Matters: Simulate Real-World Identity and Privilege Attacks in AD and Entra ID
Identity is the new perimeter. The move to the cloud and remote work creates new security boundaries based on users and services operating across cloud and hybrid environments, making