Ongoing Targeted Campaign Against US Law Firms | Google Cloud Blog
… The activity discussed in the blog post is detected in Google SecOps under the rule names: Execute MSI Files Downloaded via Curl Suspected Rclone Exfiltration MITRE ATT&CK Tactic Technique ID Technique Name Initial Access T1566.004 Phishing: Spearphishing Voice T1133 External Remote Services Execut…