Your *aaS is on fire, or how threat actors (ab)use cloud providers
In order to make a successful espionage campaign we need a couple things, one of them is infrastructure for both infection and exfiltration. Nowadays everyone was, is or will be moving their infra to the cloud so why not APTs?. Why set up a costly dedicated server when we can use free PaaS hosting? Why not use a cloud-storage service for exfiltration with all of it unlimited quota and backups?Want to host some malware? Guess who gets you covered?
There are quite a few threat actors that went that way, some of them were never talked about publicly and for some their operations that used cloud services somehow slipped through cracks, and those ones we would like to present to you.
While usage of such services is a great pain for defenders, it also creates some great opportunities – and we will show them!