The exploitation of cloud services is a flexible weapon in the hands of attackers, so flexible that we uncover new campaigns abusing legitimate apps on a daily basis. Whether threat actors are driven by cybercrime or cyberespionage, they continue to target different audiences in different geographical regions of the world, exploiting different services in different phases of the attack chain (primarily delivery and distribution of malware, but also command and control, alongside the emerging spearphishing campaigns tailored specifically to target cloud accounts).
Two recent examples take us to Brazil and Korea, where two distinct operations provided additional, if unneeded, proof of how easily legitimate internet services can be adapted to multiple roles and purposes over the course of a malicious operation.