"Attackers Use Google Calendar RAT to Abuse Calendar Service as C2 Infrastructure"
Google warns of a public Proof-of-Concept (PoC) exploit called Google Calendar RAT (GCR) that uses the Calendar service to host Command-and-Control (C2) infrastructure. Google has yet to observe the use of GCR in the wild, but Mandiant has observed that multiple actors have shared the public PoC on underground forums. The misuse of the Google service makes it difficult for defenders to detect malicious activity. This article continues to discuss threat actors using GCR to abuse Google's Calendar service as C2 infrastructure.
Submitted by grigby1
Submitted by grigby1 CPVI
on