Product

Google Drive

4 briefs RSS

GreyVibe Targets Ukraine with AI-Generated Lures and Custom Malware

The likely Russian-aligned GreyVibe group is targeting Ukrainian organizations with AI-generated lures delivered via spear-phishing and malicious websites, deploying custom malware such as PhantomRelay, LegionRelay, and FallSpy to exfiltrate sensitive data.

google drive +8 GreyVibe ai-generated-lures cyberespionage ukraine malware phantomrelay legionrelay fallspy

2r 8t 3w ago

medium advisory

Google Workspace Drive Data Transfer or Takeout Export Initiated

2 rules 2 TTPs

This rule detects when Google Workspace administrators initiate bulk movement or export of user Drive data, including admin data transfer requests and Customer Takeout export jobs which can be abused by adversaries with administrative access to stage or exfiltrate sensitive files.

Google Workspace +1 google_workspace data_exfiltration cloud

2r 2t 3w ago

medium advisory

macOS Finder Sync Plugin Persistence via Pluginkit

2 rules 1 TTP

This rule detects suspicious Finder Sync plugin registrations on macOS, where adversaries abuse the pluginkit process to establish persistence by repeatedly executing malicious payloads.

OneDrive +5 persistence macos pluginkit finder sync plugin

2r 1t May 18, 2026

medium advisory

Masquerading Business Application Installers

2 rules 4 TTPs

Attackers masquerade malicious executables as legitimate business application installers to trick users into downloading and executing malware, leveraging defense evasion and initial access techniques.

Elastic Defend +22 masquerading defense-evasion initial-access malware windows

2r 4t Jan 2, 2024