Russian threat actors are increasingly using trusted cloud platforms like Oracle Cloud, Scaleway, and Tigris Object Storage to host Lumma Stealer malware campaigns. This approach enables them to target high-privilege users through fake reCAPTCHA pages, increasing the risk of network infiltration.
Key points
- Threat actors are exploiting legitimate cloud services to host malicious content and evade detection.
- Lumma Stealer targets Windows systems to steal credentials, system data, and cryptocurrency wallets.
- Attackers use fake reCAPTCHA pages to trick users into executing malicious PowerShell commands.
- Campaigns have expanded across multiple cloud platforms since early 2025, indicating evolving tactics.
- Cloud providers have responded by removing malicious content, but the threat remains persistent, requiring advanced detection strategies.
Read More: https://gbhackers.com/russian-hackers-exploit-oracle-cloud-infrastructure/