CloudSorcerer – A new APT targeting Russian government entities

Tags

External References

• https://securelist.com/
• https://otx.alienvault.com/

Description

In May 2024, Kaspersky discovered a sophisticated cyberespionage tool called CloudSorcerer, targeting Russian government entities. This malware leverages cloud resources like Microsoft Graph, Yandex Cloud, and Dropbox as command-and-control (C2) servers, accessing them through APIs using authentication tokens. It also utilizes GitHub as its initial C2 server. CloudSorcerer employs inter-process communication through Windows pipes and adapts its behavior based on the running process, showcasing its advanced nature. While reminiscent of the CloudWizard APT, the code differs significantly, suggesting CloudSorcerer is likely a new actor inspired by similar techniques.

Date