
APT Groups Are Weaponizing SaaS Apps. Why Isn’t This Getting More Attention?
Cybersecurity, APT, SaaS, Cloud Services, Command and Control, Detection Strategies
This content is an AI-generated summary. If you encounter any misinformation or problematic content, please report it to cyb.hub@proton.me.
State-sponsored actors are now using legitimate cloud services (Slack, Notion, Trello) for command and control (C2). Defenders cannot simply block entire platforms, EDRs miss SaaS traffic that looks "normal", and Microsoft 365 logs are not sufficient. The open question is whether an effective detection strategy exists.