Disguising Exfiltrated Data | Infoworld

The article is an interesting one.

How hackers used Google to steal corporate data.
Attackers used Google Developers and public DNS to disguise traffic between the malware and command-and-control servers.

A group of innovative hackers used free services from Google and an Internet infrastructure company to disguise data stolen from corporate and government computers...

This is a common technique among high-end, more sophisticated adversaries, some of whom might be working for governments. It is not hard to do, but it takes time, knowledge and proper recon of the target to do it properly.

What was unique about the attackers was how they disguised traffic between the malware and command-and-control servers using Google Developers and the public Domain Name System (DNS) service of Hurricane Electric, based in Fremont, Calif.

In both cases, the services were used as a kind of switching station to redirect traffic that appeared to be headed toward legitimate domains, such as adobe.com, update.adobe.com, and outlook.com.

Yes, it is a good way of hiding your exfil data.

In the case of Google Developers, the attackers used the service to host code that decoded the malware traffic to determine the IP address of the real destination and redirect the traffic to that location.

This part is new and very clever. Leveraging a good third-party system to do this for you takes a lot of knowledge. Impressive.
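From the defender's side, the two traits the article describes are observable: hosts resolving names through an outside public resolver instead of the corporate one, and connections whose Host/SNI names a trusted domain (update.adobe.com, outlook.com) while the destination IP is not one the corporate resolver ever answered for that name. The following is an added example, not code from the Infoworld article or this blog; the log format, the approved-resolver list, and every address and hostname in it are constructed (RFC 5737 TEST-NET ranges), so it runs offline.

```python
"""
Added example (not from the article or the blog post): a small detector
over constructed proxy/DNS log lines. It flags
  1. DNS queries sent to a resolver outside the approved corporate set, and
  2. connections to a watched domain whose destination IP never appeared
     in an approved resolver's answer for that name.
All names, addresses and the key=value log format are constructed.
"""
from collections import defaultdict

# Assumption: the corporate resolvers; any other resolver is "outside".
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}

# Domains the article names as cover for the redirected traffic.
WATCHED_DOMAINS = {"adobe.com", "outlook.com"}

# Constructed sample log: one normal client (10.1.2.3) and one client
# (10.1.2.99) that resolves the same name via an outside resolver and then
# connects to an IP the corporate resolver never returned for it.
SAMPLE_LOG = [
    "type=dns  src=10.1.2.3  resolver=10.0.0.53    qname=update.adobe.com answer=192.0.2.10",
    "type=conn src=10.1.2.3  host=update.adobe.com dst=192.0.2.10",
    "type=dns  src=10.1.2.99 resolver=203.0.113.53 qname=update.adobe.com answer=198.51.100.7",
    "type=conn src=10.1.2.99 host=update.adobe.com dst=198.51.100.7",
    "type=conn src=10.1.2.50 host=www.example.org  dst=192.0.2.99",
]


def parse_line(line):
    """Split a 'key=value key=value' log line into a dict."""
    fields = {}
    for tok in line.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
    return fields


def domain_matches(host, watched):
    """True if host equals, or is a subdomain of, any watched domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)


def analyze(lines):
    """Return a list of (finding_type, src, name, value) tuples."""
    # name -> set of IPs answered by an approved resolver
    resolved = defaultdict(set)
    findings = []

    # Pass 1: DNS records. Approved answers define what "legitimate" looks
    # like; queries to any other resolver are findings on their own.
    for line in lines:
        f = parse_line(line)
        if f.get("type") != "dns":
            continue
        resolver = f.get("resolver", "")
        if resolver in APPROVED_RESOLVERS:
            resolved[f["qname"].lower()].add(f["answer"])
        else:
            findings.append(("outside_resolver", f["src"], f["qname"], resolver))

    # Pass 2: connections claiming a watched name but going to an IP the
    # corporate resolver never returned for that name.
    for line in lines:
        f = parse_line(line)
        if f.get("type") != "conn":
            continue
        host = f["host"].lower()
        if domain_matches(host, WATCHED_DOMAINS) and f["dst"] not in resolved.get(host, set()):
            findings.append(("ip_name_mismatch", f["src"], host, f["dst"]))

    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

The first pass only trusts answers from the approved resolvers, so a client that bypasses them cannot "teach" the detector that its destination is legitimate; the second pass then catches the connection itself. On real logs the watched-domain list and the resolver set are the two knobs to tune.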

Read the article, it's good.