A recent Fog ransomware attack used tools previously unseen in similar attacks.
One of the utilities, GC2, can be used to execute commands using Google Sheets or Microsoft SharePoint List, and to exfiltrate data via Google Drive or Microsoft SharePoint documents. The attack also used an open-source proxy utility to deploy a legitimate employee monitoring application that supports screen recording and keystroke monitoring, among others. These tools have been used by China-based APTs in 2023, but have seemingly spread since those attacks.
Read more:
https://www.securityweek.com/fog-ransomware-attack-employs-unusual-tools/
