The Cobalt cybercrime gang has been using Google App Engine to distribute malware through PDF decoy documents. Cobalt crime gang is a Russian hacking crew that has been active since at least 2016, it targeted banks worldwide, the group leveraged spear-phishing emails to compromise target systems, spoofed emails from financial institutions or a financial supplier/partner. The group targeted more than 20 other government and financial institutions worldwide. The attack technique resembles the Squiblydoo method whereby malicious scriptlets are loaded using native Windows applications.”]
Source: https://securityaffairs.co/wordpress/80352/hacking/cobalt-google-app-engine.html