
Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia

Threat Actors: Cloud Atlas (also known as Clean Ursa, Inception, Oxygen, and Red October).

Campaign Overview: A cyberattack campaign using the VBShower, PowerShower, and VBCloud malware variants to exploit vulnerabilities, steal data, and infiltrate networks.

Target Regions: Primarily Russia (80% of targets); additional victims in Belarus, Canada, Moldova, Israel, Kyrgyzstan, Turkey, and Vietnam.

Methodology: Spear-phishing emails carrying malicious Office documents that exploit CVE-2018-0802 and CVE-2017-11882 to download and execute malware.

Products Targeted: Microsoft Office (Equation Editor vulnerabilities); files with extensions such as DOC, DOCX, XLS, XLSX, PDF, TXT, RTF, and RAR; Telegram-related files.

Malware Reference: VBShower, PowerShower, and VBCloud.

Tools Used: Spear-phishing emails, malicious RTF templates, VBScript payloads, PowerShell scripts, NTFS alternate data streams (ADS), and public cloud storage for C2 communications.

Vulnerabilities Exploited: CVE-2018-0802 and CVE-2017-11882 (Equation Editor vulnerabilities in Microsoft Office).

TTPs: Vulnerability exploitation, phishing emails, file exfiltration, lateral movement, credential theft (Kerberoasting), and covering tracks via file-cleaning scripts.

Attribution: Active since 2014; linked to campaigns in Russia, Belarus, and Transnistria; uses PowerShell- and VBScript-based tools for multi-stage attacks.

Recommendations: Apply patches for CVE-2018-0802 and CVE-2017-11882, train employees on phishing awareness, monitor system logs, and restrict network and file access.

Source: The Hacker News

Read full article: https://thehackernews.com/2024/12/cloud-atlas-deploys-vbcloud-malware.html

The above summary has been generated by an AI language model


Source: TheHackersNews

Published on: December 27, 2024
