Researchers at Bitdefender say the methods could also be used to access Google Cloud Platform (GCP) with custom permissions and could move from machine to machine.
The attacks hinge on an organization's use of Google Credential Provider for Windows (GCPW), which offers mobile device management (MDM) and single sign-on (SSO) capabilities.
Bitdefender says this shouldn't be taken lightly and the weaknesses highlighted in its research are potentially realistically exploitable. Threat actors often seek out and exploit these gaps in coverage."
[
add
]
[
|
|
...
]