Operation SkyCloak: Tor Campaign targets Military of Russia & Belarus
Oct. 31, 2025, 9:56 p.m.
Description
A sophisticated campaign targeting Russian and Belarusian military personnel has been identified, using multi-stage infection chains and decoy documents. The attackers deploy OpenSSH and Tor bridges to establish covert remote access and lateral movement capabilities. The infection process involves PowerShell scripts, scheduled tasks for persistence, and the use of Tor hidden services to expose multiple local services. The campaign employs anti-analysis techniques and leverages obfuscated configurations for SSH and Tor. While attribution remains uncertain, the targeting and tactics are consistent with Eastern European-linked espionage activities focusing on defense and government sectors.
Tags
Date
- Created: Oct. 31, 2025, 9:01 p.m.
- Published: Oct. 31, 2025, 9:01 p.m.
- Modified: Oct. 31, 2025, 9:56 p.m.
Indicators
- feae0baf291ff54a1366f0cd628665d2b1c9fe279ce2544d4f84c7aa46064f3c
- a939d1edcc422772124a373be68b7cb38110639db8b1f4b5dca0b7e94b8399e3
- a0eed0e1ef8fc4129f630e6f68c29c357c717df0fe352961e92e7f8c93e5371b
- 99ec6437f74eec19e33c1a0b4ac8826bcc44848f87cd1a1c2b379fae9df62de9
- 7946a2275c1c232eebed6ead95ea4723285950175586db1f95354b910b0a3cce
- 710e8c96875d6a3c1b4f08f4b2094c800658551065b20ef3fd450b210dcc7b9a
- 5d3a6340691840d1a87bfab543faec77b4a9d457991dd938834de820a99685f7
- 30a5df544f4a838f9c7ce34377ed2668e0ba22cc39d1e26b303781153808a2c4
- 08db5bb9812f49f9394fd724b9196c7dc2f61b5ba1644da65db95ab6e430c92b
- 77.20.116.133
- 142.189.114.119
- yuknkap4im65njr3tlprnpqwj4h7aal4hrn2tdieg75rpp6fx25hqbyd.onion
Additional Information
- Defense
- Government
- Russian Federation