New APT Group “CloudSorcerer” Targets Russian Government Entities


July 8, 2024 at 12:34PM

A new cyber espionage group called CloudSorcerer has been detected targeting Russian government entities, using cloud services for command-and-control (C2) and data exfiltration. The group’s tactics and its use of cloud resources, including Microsoft Graph, Yandex Cloud, Dropbox, and GitHub, demonstrate a sophisticated approach to cyber espionage and data collection.

Key takeaways:

– A new advanced persistent threat (APT) group named CloudSorcerer has been discovered targeting Russian government entities by using cloud services for command-and-control (C2) and data exfiltration.
– The group’s activities were discovered by cybersecurity firm Kaspersky in May 2024, and the malware used by CloudSorcerer shares similarities with that of CloudWizard, but with differences in the source code.
– CloudSorcerer uses innovative data-gathering programs and evasion tactics to gather information and cover its tracks, leveraging cloud resources such as Microsoft Graph, Yandex Cloud, Dropbox, and GitHub for its operations.
– The exact method of infiltration into targets is currently unknown, but the group utilizes a sophisticated backdoor component designed to collect information about the victim machine and execute various commands.
– The C2 module connects to GitHub for initial communications and acts as a dead drop resolver to fetch an encoded hex string pointing to the actual server hosted on Microsoft Graph or Yandex Cloud, and also tries to retrieve the same data from hxxps://my.mail[.]ru/.
– Overall, the CloudSorcerer malware represents a sophisticated toolset targeting Russian government entities, demonstrating a well-planned approach to cyber espionage.
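The dead-drop-resolver flow described above (a fetch from GitHub or my.mail.ru that yields the address of a C2 server on Microsoft Graph or Yandex Cloud) gives defenders a sequence to hunt for in proxy logs. The following is an added example, not code from the article or from Kaspersky: it correlates, per client, a dead-drop fetch with a cloud API connection shortly afterwards. The hostnames, the log format and the sample lines are assumptions constructed for illustration.

```python
"""Flag clients whose proxy activity matches the dead-drop-resolver pattern:
a GitHub / my.mail.ru fetch followed within a short window by traffic to
Microsoft Graph or Yandex Cloud. Hostnames below are assumptions."""
from datetime import datetime, timedelta

# Assumed hostnames; adjust to what your proxy actually logs.
DEAD_DROP_HOSTS = {"raw.githubusercontent.com", "api.github.com",
                   "github.com", "my.mail.ru"}
CLOUD_C2_HOSTS = {"graph.microsoft.com", "cloud-api.yandex.net"}


def parse_line(line):
    # Constructed log format: "<ISO timestamp> <client_ip> <host> <path>"
    ts, src, host, _path = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), src, host


def find_dead_drop_sequences(lines, window=timedelta(minutes=10)):
    """Return (client, dead_drop_host, cloud_host) triples where the same
    client reached a cloud API within `window` after a dead-drop fetch."""
    last_dead_drop = {}  # client -> (timestamp, host) of most recent fetch
    hits = []
    for line in lines:
        ts, src, host = parse_line(line)
        if host in DEAD_DROP_HOSTS:
            last_dead_drop[src] = (ts, host)
        elif host in CLOUD_C2_HOSTS and src in last_dead_drop:
            dd_ts, dd_host = last_dead_drop[src]
            if timedelta(0) <= ts - dd_ts <= window:
                hits.append((src, dd_host, host))
    return hits


# Constructed sample proxy log lines (not real telemetry).
SAMPLE_LOG = [
    "2024-07-08T09:00:01 10.0.0.5 api.github.com /repos/example/notes",
    "2024-07-08T09:00:04 10.0.0.5 graph.microsoft.com /v1.0/me/drive/root",
    "2024-07-08T09:05:00 10.0.0.7 my.mail.ru /example",
    "2024-07-08T09:30:00 10.0.0.7 cloud-api.yandex.net /v1/disk",  # outside window
    "2024-07-08T09:06:00 10.0.0.9 graph.microsoft.com /v1.0/me",   # no dead drop first
]

if __name__ == "__main__":
    for hit in find_dead_drop_sequences(SAMPLE_LOG):
        print("possible dead-drop resolver sequence:", hit)
```

Because developers and Microsoft 365 users legitimately hit GitHub and Graph back to back, treat a hit as a hunting lead to be enriched with process and user context rather than as a standalone alert.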

