A recent attack campaign exploited Google’s popular productivity tool, Google Sheets, to target various organizations. Cybersecurity experts at Proofpoint have uncovered a novel exploit using Google Sheets as a Command-and-Control (C2) hub for cyber espionage. Detected on August 5th, 2024, the attack campaign impersonates global tax authorities to target 70 organizations across sectors like finance, aerospace, healthcare, and technology.
The threat actors send phishing emails claiming changes in tax filing, tricking users into clicking malicious links. For example, if a user on a Windows device clicks the link, they are directed to a fake PDF that triggers a Windows shortcut (LNK) file. This LNK file then runs a PowerShell script, which downloads a Python script directly from a WebDAV server. This lets the attackers collect system information without saving anything onto the victim’s computer, making it harder to detect.
The tool behind these attacks, named “Voldemort,” takes advantage of Google Sheets for C2 communication, data theft, and command execution. This method is similar to techniques used by other malware families like Latrodectus and DarkGate, showing how hackers are turning trusted platforms into tools for malicious activities.
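As an added example (not code from Proofpoint's research or from this article), the following Python shows how a defender might flag the two behaviours described above in endpoint telemetry: a script interpreter launched against a WebDAV UNC path, and a non-browser process contacting the Google Sheets API. The event fields, the sample events, and the choice of `sheets.googleapis.com` as the API host to watch are assumptions made for illustration.

```python
import re

# WebDAV UNC forms accepted by Windows: \\host@SSL\..., \\host@8080\..., \\host\DavWWWRoot\...
WEBDAV_UNC = re.compile(r"\\\\[^\\\s]+(?:@(?:SSL|\d+)(?:@\d+)?\\|\\DavWWWRoot\\)", re.I)
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "python.exe", "pythonw.exe"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
SHEETS_HOSTS = {"sheets.googleapis.com"}  # assumption: API host to watch

def basename(path):
    """Lower-cased executable name from a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def detect(events):
    """Return (rule, event_id) pairs for events matching either behaviour."""
    findings = []
    for ev in events:
        image = basename(ev["image"])
        if ev["type"] == "process":
            # Interpreter started with a script or argument on a WebDAV share
            if image in SCRIPT_HOSTS and WEBDAV_UNC.search(ev["command_line"]):
                findings.append(("script_from_webdav", ev["id"]))
        elif ev["type"] == "network":
            # Sheets API traffic from something that is not a browser
            if ev["dest_host"].lower() in SHEETS_HOSTS and image not in BROWSERS:
                findings.append(("sheets_api_non_browser", ev["id"]))
    return findings

# Constructed sample telemetry (hypothetical field names, hosts and paths)
SAMPLE_EVENTS = [
    {"id": 1, "type": "process", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -File C:\Scripts\inventory.ps1"},
    {"id": 2, "type": "process", "image": r"C:\Python312\python.exe",
     "command_line": r"python.exe \\dav.example.test@SSL\DavWWWRoot\share\job.py"},
    {"id": 3, "type": "process", "image": r"C:\Python312\python.exe",
     "command_line": r"python.exe \\fileserver\tools\report.py"},
    {"id": 4, "type": "network", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest_host": "sheets.googleapis.com"},
    {"id": 5, "type": "network", "image": r"C:\Python312\python.exe",
     "dest_host": "sheets.googleapis.com"},
]

if __name__ == "__main__":
    for rule, event_id in detect(SAMPLE_EVENTS):
        print(f"event {event_id}: {rule}")
```

Legitimate automation also calls the Sheets API, so the second rule is a starting point for an allowlist of known processes and hosts, not a verdict on its own.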
What makes this particularly dangerous is the level of deception involved. Because Google Sheets is widely used and trusted, activity involving it is unlikely to raise suspicion. That familiarity makes the scam harder to spot and lets the attackers steal information or take control of the victim’s device without setting off alarms.
This exploit serves as a wake-up call for businesses to strengthen their cybersecurity posture. Staying alert, educating employees about online threats, and using advanced security measures are essential to remain protected. Employee training, in particular, is critical because it helps people recognize phishing attempts and suspicious links, reducing the chances of falling prey to such scams. By having well-trained staff and up-to-date security systems, companies can better defend against these growing cyber threats.