The mechanics of the attack are relatively straightforward. The threat actor creates a Google Doc and embeds various types of attacks within it, including phishing links and URLs that lead to malware. The document is then shared with the victim using the standard Google Drive sharing process. Since the email appears to be from a genuine Google email address and domain, victims are less likely to recognize it as an attack.
Another challenge is that detection and prevention tools are more inclined to trust emails from reputable services like Google, adding an additional layer of complexity to identifying and blocking such attacks.
