Cybercriminals from the APT31 group, which many experts attribute to China, have begun using Yandex.Disk in attacks on users’ computers, Positive Technologies told Izvestia.

Previously, other popular services, such as Dropbox, were used in this scheme. Experts say this is the first time the attackers have used a cloud storage service based in the Russian Federation.

Since the beginning of 2022, the group has attacked a number of media outlets and companies in the fuel and energy sector using this technique, Positive Technologies recorded. The malware is delivered either by email or by exploiting existing vulnerabilities in other software, the security experts added.

“The study showed that the attackers use Yandex.Disk as a control server. APT31 used a popular cloud service, among other things, to make the traffic look legitimate,” Daniil Koloskov, an expert at Positive Technologies, explained to Izvestia.

According to him, malware that uses Yandex.Disk as its command-and-control server is extremely difficult to identify.

“In fact, this is normal, legitimate traffic between the client and the service. Such malware can only be detected dynamically, using monitoring tools, including anti-virus technologies,” Daniil Koloskov emphasized.
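The expert's point is that the implant's requests to the storage API are indistinguishable from a legitimate client's requests when inspected one at a time, so detection has to look at behaviour over time. One behavioural signal that survives is timing: an implant polling its cloud "control server" on a fixed timer produces evenly spaced requests, whereas a human user or a desktop sync client produces bursty, irregular traffic. The script below is an added example, not code from the article, from Positive Technologies or from Yandex. It assumes a pipe-separated proxy log format, a watch-list of cloud-storage host names (cloud-api.yandex.net, webdav.yandex.ru and api.dropboxapi.com are assumed for illustration, as are the request paths and user-agent strings in the constructed sample log), and that the implant polls at a roughly constant interval.

```python
"""Timing-based triage of web-proxy logs for cloud-storage C2 beacons.

Added example; not code from Positive Technologies, Izvestia or Yandex.
Assumptions (not from the article): a pipe-separated proxy log format,
the storage host names in WATCHED_HOSTS, and that an implant polls its
cloud "control server" at a roughly fixed interval.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Cloud-storage endpoints whose traffic looks legitimate on its own.
# Assumed for illustration; tune to the services your organisation uses.
WATCHED_HOSTS = {"cloud-api.yandex.net", "webdav.yandex.ru", "api.dropboxapi.com"}

# Constructed sample log (not real telemetry). Format:
#   time|src_ip|host|method|path|user_agent
# 10.0.0.5 polls the storage API every ~300 s (implant-like);
# 10.0.0.7 is a sync client with irregular, event-driven activity;
# 10.0.0.9 is ordinary browsing plus two WebDAV requests.
SAMPLE_LOG = """\
2022-03-01T10:00:00|10.0.0.5|cloud-api.yandex.net|GET|/v1/disk/resources|Mozilla/5.0
2022-03-01T10:00:00|10.0.0.7|cloud-api.yandex.net|GET|/v1/disk/resources/files|DesktopSyncClient/1.0
2022-03-01T10:01:12|10.0.0.7|cloud-api.yandex.net|PUT|/v1/disk/resources/upload|DesktopSyncClient/1.0
2022-03-01T10:02:30|10.0.0.9|www.example.com|GET|/|Mozilla/5.0
2022-03-01T10:05:02|10.0.0.5|cloud-api.yandex.net|GET|/v1/disk/resources|Mozilla/5.0
2022-03-01T10:09:45|10.0.0.7|cloud-api.yandex.net|GET|/v1/disk/resources|DesktopSyncClient/1.0
2022-03-01T10:09:58|10.0.0.5|cloud-api.yandex.net|GET|/v1/disk/resources|Mozilla/5.0
2022-03-01T10:15:01|10.0.0.5|cloud-api.yandex.net|GET|/v1/disk/resources|Mozilla/5.0
2022-03-01T10:20:00|10.0.0.5|cloud-api.yandex.net|GET|/v1/disk/resources|Mozilla/5.0
2022-03-01T10:24:59|10.0.0.5|cloud-api.yandex.net|GET|/v1/disk/resources|Mozilla/5.0
2022-03-01T10:30:03|10.0.0.7|cloud-api.yandex.net|GET|/v1/disk/resources|DesktopSyncClient/1.0
2022-03-01T10:31:00|10.0.0.7|cloud-api.yandex.net|GET|/v1/disk/resources|DesktopSyncClient/1.0
2022-03-01T10:40:00|10.0.0.9|webdav.yandex.ru|PROPFIND|/|Mozilla/5.0
2022-03-01T10:50:00|10.0.0.9|webdav.yandex.ru|PROPFIND|/|Mozilla/5.0
"""


def parse_log(text):
    """Parse pipe-separated proxy lines into dicts, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 6:
            continue
        ts, src, host, method, path, ua = parts
        records.append({
            "time": datetime.fromisoformat(ts),
            "src": src, "host": host, "method": method, "path": path, "ua": ua,
        })
    return records


def interval_stats(records, watched=WATCHED_HOSTS):
    """Per (src_ip, host) pair talking to a watched host: request count and gap regularity.

    cv is the coefficient of variation (population stdev / mean) of the gaps
    between consecutive requests. A fixed-timer implant drives it towards 0;
    human- or event-driven sync traffic is bursty and scores high. cv is None
    when there are fewer than two gaps, i.e. too little data to judge.
    """
    times = defaultdict(list)
    for r in records:
        if r["host"] in watched:
            times[(r["src"], r["host"])].append(r["time"])
    stats = {}
    for key, ts in times.items():
        ts.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        cv = pstdev(gaps) / mean(gaps) if len(gaps) >= 2 and mean(gaps) > 0 else None
        stats[key] = {"count": len(ts), "mean_gap": mean(gaps) if gaps else None, "cv": cv}
    return stats


def flag_beacons(records, min_requests=4, max_cv=0.15):
    """Return (src_ip, host, stats) for pairs whose polling looks fixed-interval."""
    flagged = []
    for (src, host), s in interval_stats(records).items():
        if s["count"] >= min_requests and s["cv"] is not None and s["cv"] <= max_cv:
            flagged.append((src, host, s))
    return flagged


if __name__ == "__main__":
    for src, host, s in flag_beacons(parse_log(SAMPLE_LOG)):
        print(f"{src} -> {host}: {s['count']} requests, "
              f"mean gap {s['mean_gap']:.0f}s, cv {s['cv']:.3f}")
```

The output is a triage list, not a verdict: a legitimate sync client left idle can also poll on a timer, so a flagged pair should be checked against which process owns the connection, whether that process is a known storage client, and whether the account involved is one the organisation actually uses. Thresholds (`min_requests`, `max_cv`) need tuning against a baseline of your own environment's traffic to the same hosts.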

Sky-high technologies: Yandex.Disk has begun to be used in cyberattacks