Product

Google Workspace

4 briefs RSS

ClickFix 'BackgroundFix' Campaign Delivers CastleLoader, NetSupport RAT, and CastleStealer

The 'BackgroundFix' ClickFix campaign uses social engineering to trick victims into downloading malware disguised as a free image-editing tool, leading to the deployment of CastleLoader, NetSupport RAT for remote access, and CastleStealer for credential theft.

Microsoft Windows +2 clickfix malware social-engineering rat infostealer castleloader netsupport

2r 3t 1i 4d ago

medium advisory

Google Workspace Login Attempt with Government Attack Warning

2 rules 1 TTP

A Google Workspace login attempt flagged as a potential attack by a government-backed threat actor, indicating potential privilege escalation, defense evasion, persistence, initial access, or impact.

Google Workspace googleworkspace intrusion initial-access persistence privilege-escalation

2r 1t 6d ago

medium advisory

Google Workspace Suspicious Login Activity

3 rules 1 TTP

Detect Google Workspace login activity that Google has classified as suspicious, potentially indicating initial access, privilege escalation, defense evasion, or persistence attempts.

Google Workspace initial-access privilege-escalation defense-evasion persistence gworkspace

3r 1t Jan 26, 2024

medium advisory

Detection of Out-of-Domain Email Forwarding in Google Workspace

2 rules 1 TTP

Detects automatic email forwarding to external domains in Google Workspace, which may indicate data leakage or misuse by malicious insiders or compromised accounts.

Google Workspace data-leakage gworkspace email-forwarding

2r 1t Jan 3, 2024