The group — known as APT40, Gadolinium or Leviathan — was hosting apps on the Azure Active Directory and using open source tools as part the latest evolution in its tactics, security researchers said.

Surges in collaboration tool use and cloud demands open enterprise networks to new risks and threat actors are taking notice, a new McAfee report finds.

The deal comes after Carbonite acquired Webroot earlier this year.