| Menu principale |
|
|  Home |
 About: Totocellux |
 LinkedIn |
| X (Twitter) |
| GitHub |
 Libreria articoli |
 Avvisi Portale |
 Software |
| Hardware |
| CyberSecurity |
| Networking |
| Telefonia |
| Virtualizzazione |
 Galleria Web |
 Forum | | 
|
|
 Benvenuto Ospite, nel Portale Campolo.eu: se sei già utente effettua il login, altrimenti puoi facilmente registrarti.
[Registrati] [Login]
|
  
|
|
| Moduli |
XML - Risorsa di notizie
 |
Consiglia Campolo.eu ai tuoi amici
|
| |
|
|
| CloudSorcerer |
espandi info/opzioni dell'articolo |  Opzioni articolo | Sommario | |
|
| Names CloudSorcerer (Kaspersky)
Country [Unknown]
Motivation Information theft and espionage
First seen 2024
Description (Kaspersky) In May 2024, we discovered a new advanced persistent threat (APT) targeting Russian government entities that we dubbed CloudSorcerer. It’s a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud infrastructure. The malware leverages cloud resources as its command and control (C2) servers, accessing them through APIs using authentication tokens. Additionally, CloudSorcerer uses GitHub as its initial C2 server.
CloudSorcerer’s modus operandi is reminiscent of the CloudWizard APT (Bad Magic, RedStinger) that we reported on in 2023. However, the malware code is completely different. We presume that CloudSorcerer is a new actor that has adopted a similar method of interacting with public cloud services.
Observed Sectors: Government.
Countries: Russia.
Tools used GrewApacha, PlugY, The CloudSorcerer.
Operations performed Jul 2024 Operation “EastWind”
EastWind campaign: new CloudSorcerer attacks on government organizations in Russia
Information
Last change to this card: 27 August 2024 |
|
|
|
 Home
|
|
|
La tua posizione
Seleziona la skin dell'interfaccia
