Silver Dragon APT: Google Drive C2 & Cobalt Strike Government TTPs

via Dev.to, by Satyam Rastogi

Originally published on satyamrastogi.com

Silver Dragon APT exploits public servers and delivers phishing campaigns with Cobalt Strike payloads, using Google Drive as command and control infrastructure to target European and Southeast Asian governments.

Executive Summary

Silver Dragon, an APT41-linked threat actor, demonstrates sophisticated tradecraft by weaponizing legitimate cloud services for command and control operations against government entities. This campaign showcases how threat actors abuse trusted platforms like Google Drive to evade detection while maintaining persistent access through Cobalt Strike implants.

Attack Vector Analysis

Silver Dragon employs a dual-vector approach for initial access, combining opportunistic server exploitation with targeted phishing campaigns. This multi-pronged strategy maximizes their attack surface while providing redundant entry points into target networks.

Initial Access Vectors

Public-Facing Server Exploitation

The threat actor scans for
