Code Defence Cyber security

“Mystery OAST” Campaign Scans for 200+ Vulnerabilities via Private Cloud

Security researchers have uncovered a secretive “Mystery OAST” (Out-of-Band Application Security Testing) operation that runs on private infrastructure hosted on Google Cloud. The campaign has launched over 1,400 exploit attempts targeting 200+ distinct CVEs. Unlike typical attacks, which rely on public OAST services, it uses its own OAST infrastructure.

Business Impact

This campaign represents a highly organized and resourced reconnaissance effort. By using private infrastructure, the attackers avoid simple blocklists associated with public scanning tools (like interact.sh). Organizations may see these probes as legitimate cloud traffic, missing the precursors to a targeted attack.

Why It Happened

Attackers are evolving to evade detection. Using custom OAST domains and major cloud providers helps their traffic blend in. They are systematically scanning for a wide range of vulnerabilities to build a target list for future exploitation.

Recommended Executive Action

Direct your SOC to look for anomalous outbound traffic to unknown domains, even if they are hosted on reputable cloud providers. Ensure that your vulnerability management program is patching older CVEs, as this campaign targets a broad spectrum of known flaws.
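One way a SOC could approach the outbound-traffic check above, as an added example that is not from the original report: it assumes OAST callbacks appear as DNS lookups with unique, random-looking leftmost labels under a domain the organization has no known relationship with, and it deliberately ignores who hosts the domain. The log format, allowlist, thresholds and all domain names are constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log: (internal source host, queried name).
SAMPLE_LOG = [
    ("web-01", "www.corp.example"),
    ("web-01", "api.vendor.example"),
    ("web-02", "c8k2m9x4q7z1v5b3n6j0.cb.unknown-host.example"),
    ("web-02", "t4w8r1y6u3p9s2d7f5g0.cb.unknown-host.example"),
    ("app-03", "h7l3k9j2x5c1v8b4n6m0.cb.unknown-host.example"),
    ("app-03", "cdn.newsite.example"),                    # unknown, but ordinary label
    ("app-03", "a1b2c3d4e5f6g7h8i9j0.storage.example"),   # random label seen only once
]
# Hypothetical allowlist of base domains with a known business purpose.
KNOWN_DOMAINS = {"corp.example", "vendor.example"}

def shannon_entropy(s):
    """Bits of entropy per character of s."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def base_domain(name):
    # Assumption: last two labels; production code should use the Public Suffix List.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def looks_generated(label, min_len=16, min_entropy=3.5):
    """Long, high-entropy labels are typical of per-probe callback identifiers."""
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy

def find_callback_candidates(log, known, min_unique=2):
    """Return {base domain: [source hosts]} for unknown domains that received
    at least min_unique distinct random-looking leftmost labels."""
    labels, hosts = defaultdict(set), defaultdict(set)
    for src, qname in log:
        base = base_domain(qname)
        if base in known:
            continue
        first = qname.lower().split(".")[0]
        if looks_generated(first):
            labels[base].add(first)
            hosts[base].add(src)
    return {b: sorted(hosts[b]) for b in labels if len(labels[b]) >= min_unique}

if __name__ == "__main__":
    for domain, sources in find_callback_candidates(SAMPLE_LOG, KNOWN_DOMAINS).items():
        print(f"review: {domain} queried with generated labels by {sources}")
```

Hosts listed against a flagged domain are the ones to check first for the older, unpatched CVEs the campaign probes.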

Hashtags: #ThreatIntel #CloudSecurity #VulnerabilityScanning #OAST #CyberAttack #GoogleCloud #InfoSec
