Hackers have reportedly found a way to use the Google Calendar as command & control (C2) infrastructure which could create quite a few headaches in the cybersecurity community.

  • @[email protected]
    link
    fedilink
    English
    221 year ago

    I’m actually surprised that this wasn’t seen before. It’s a domain that can’t be blocked in lots of companies, and frequent requests to it won’t raise any flags in any company that uses Google Workspace.

    • Deconceptualist
      link
      fedilink
      English
      12
      edit-2
      1 year ago

      Yep, this. A couple years ago, Google Drive sharing was used in a loosely similar way to deliver malware, and Google had to build some new controls. I’m surprised it took the baddies this long to exploit GCal.

      • 108
        link
        fedilink
        131 year ago

        Or they have been doing it quietly all along