CloudSorcerer – A new APT targeting Russian government entities

Category	Details
Threat Actors	CloudSorcerer
Campaign Overview	Advanced persistent threat (APT) targeting Russian government entities, primarily for cyber espionage.
Target Regions (Or Victims)	Russian government entities
Methodology	Uses public cloud services (Microsoft Graph, Yandex Cloud, Dropbox) as C2 infrastructure. Executes via GitHub.
Product Targeted	Russian government systems
Malware Reference	CloudSorcerer
Tools Used	Microsoft Graph, Yandex Cloud, Dropbox, GitHub, Windows API functions, COM objects, GitHub C2 server.
Vulnerabilities Exploited	No specific vulnerabilities mentioned, relies on cloud resources for C2.
TTPs	Uses cloud resources for C2, inter-process communication, backdoor functionality, and process injection.
Attribution	Likely Russian-linked, based on targets.
Recommendations	Secure cloud services, monitor for unusual C2 traffic, prevent unauthorized GitHub repository access.
Source	Securelist by Kaspersky

Read full article: https://securelist.com/cloudsorcerer-new-apt-cloud-actor/113056/

The above summary has been generated by an AI language model