In a new campaign, a Russia-backed advanced persistent threat (APT) group is seen abusing Cloudflare tunnels to deliver its proprietary GammaLoad malware. The threat actor, tracked as BlueAlpha, was observed by the cybersecurity research firm Insikt Group to be exploiting this legitimate tunneling service for infections aimed at data exfiltration, credential theft, and persistent access to compromised networks.

Source ->