State-Backed HazyBeacon Malware Uses AWS Lambda to Steal Data from SE Asian Governments

A new cyber espionage campaign targeting Southeast Asian government agencies has been uncovered, involving a novel Windows backdoor called HazyBeacon that uses cloud services for C2 and data exfiltration. This sophisticated threat leverages AWS Lambda URLs, Google Drive, and Dropbox to maintain covert communication and avoid detection.

Key Points

  • The campaign targets government agencies in Southeast Asia for sensitive intelligence gathering.
  • HazyBeacon uses DLL side-loading techniques to infect systems and establish persistence.
  • The malware communicates with attacker-controlled servers via AWS Lambda URLs to hide in legitimate cloud traffic.
  • Data exfiltration is performed through cloud services like Google Drive and Dropbox, with some attempts blocked.
  • Attackers delete traces by cleaning up downloaded files and payloads after collecting the data.
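A hunting sketch for the traffic pattern in the key points above, added here as an example and not taken from the original report: it flags hosts where a non-browser process contacts an AWS Lambda function URL (hostnames of the form `<url-id>.lambda-url.<region>.on.aws`) and raises severity when the same host also sends data to cloud storage. The log format, host and process names, browser allowlist and storage domain list are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# AWS Lambda function URLs have the form <url-id>.lambda-url.<region>.on.aws
LAMBDA_URL = re.compile(r"^[a-z0-9]+\.lambda-url\.[a-z0-9-]+\.on\.aws$")
# Assumption: endpoints used for uploads to the storage services named above
STORAGE_SUFFIXES = ("dropboxapi.com", "drive.google.com", "www.googleapis.com")
# Assumption: processes expected to reach cloud endpoints in this environment
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample proxy log: time,host,process,destination,bytes_out
SAMPLE_LOG = """\
2025-07-01T09:00:01Z,WS-014,chrome.exe,drive.google.com,5120
2025-07-01T09:02:10Z,WS-022,example-svc.exe,abc123examplexyz.lambda-url.ap-southeast-1.on.aws,412
2025-07-01T09:07:10Z,WS-022,example-svc.exe,abc123examplexyz.lambda-url.ap-southeast-1.on.aws,398
2025-07-01T09:15:44Z,WS-022,example-upload.exe,content.dropboxapi.com,48211034
2025-07-01T09:20:00Z,WS-031,msedge.exe,content.dropboxapi.com,2048
"""

def is_storage(dest):
    """True if dest is one of the storage domains or a subdomain of one."""
    return any(dest == s or dest.endswith("." + s) for s in STORAGE_SUFFIXES)

def hunt(log_text):
    """Return {host: finding} for hosts whose non-browser processes hit a Lambda URL."""
    lambda_hits = defaultdict(set)   # host -> {(process, lambda hostname)}
    uploads = defaultdict(int)       # host -> bytes sent to storage by non-browsers
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, host, proc, dest, bytes_out = line.split(",")
        proc, dest = proc.lower(), dest.lower()
        if proc in BROWSERS:
            continue                 # ordinary user browsing is out of scope here
        if LAMBDA_URL.match(dest):
            lambda_hits[host].add((proc, dest))
        elif is_storage(dest):
            uploads[host] += int(bytes_out)
    return {
        host: {"lambda_contacts": sorted(hits),
               "storage_bytes_out": uploads.get(host, 0),
               # Lambda URL contact plus storage upload matches both reported stages
               "severity": "high" if uploads.get(host, 0) else "medium"}
        for host, hits in lambda_hits.items()
    }

if __name__ == "__main__":
    for host, finding in hunt(SAMPLE_LOG).items():
        print(host, finding)
```

Legitimate software also uses Lambda function URLs, so treat hits as leads to triage against a baseline of known applications rather than as confirmed compromise.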

Read More: https://thehackernews.com/2025/07/state-backed-hazybeacon-malware-uses.html