Kaspersky: CloudSorcerer – A new APT targeting Russian government entities
Kaspersky writes a somewhat confusing article referring to CloudSorcerer as both malware and an Advanced Persistent Threat (APT). Keeping that in mind, CloudSorcerer performs stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud infrastructure. It also uses GitHub as its initial C2 server. IOC provided.
#threatintel #CloudSorcerer #cyberespionage #IOC
Not Simon the Goat /
npub1ce…mclln
2024-07-08 11:28:44
Author Public Key
npub1cetfz9z5qtn3lly58p3t4hmxxqhy0vml22z5g8rve3vjesg5gzxs6mcllnSeen on
wss://relay.nostr.bandPublished at
2024-07-08 11:28:44Event JSON
{
"id": "8a1bae1bb140007328bad847e254e4d68cf9ab19059610f5247f1f789da52590",
"pubkey": "c65691145402e71ffc943862badf66302e47b37f5285441c6ccc592cc114408d",
"created_at": 1720438124,
"kind": 1,
"tags": [
[
"t",
"threatintel"
],
[
"t",
"cloudsorcerer"
],
[
"t",
"cyberespionage"
],
[
"t",
"ioc"
],
[
"proxy",
"https://infosec.exchange/users/screaminggoat/statuses/112750632917098713",
"activitypub"
]
],
"content": "Kaspersky: CloudSorcerer – A new APT targeting Russian government entities\nKaspersky writes a somewhat confusing article referring to CloudSorcerer as both malware and an Advanced Persistent Threat (APT). Keeping that in mind, CloudSorcerer performs stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud infrastructure. It also uses GitHub as its initial C2 server. IOC provided.\n\n#threatintel #CloudSorcerer #cyberespionage #IOC",
"sig": "d60f77e598dfc2cf548cdd4e4393982e34774e6db6fa5d8b962a73b125ae660de30b92c3057eef335581b664bb0de4bcf860daee4372a3faf17a31b18ff59b12"
}