Tag: cloudsorcerer

4 Attack Reports | 0 Vulnerabilities

Attack reports

UAT-8302 and its box full of malware

UAT-8302 is a sophisticated China-nexus advanced persistent threat group targeting government entities in South America since late 2024 and southeastern Europe in 2025. The actor deploys multiple custom-made malware families including NetDraft, a .NET-based backdoor variant of FinalDraft/SquidDoor,…
cloudsorcerer
snappybee
finaldraft
vshell
snowlight
deedrat
zingdoor
nosydoor
2026-05-05
draculoader
fringeporch
netdraft
snowrust
squiddoor
Published: May 5, 2026
Linked vulnerabilities : CVE-2025-0994 (CVSS 8.8), CVE-2025-20333 (CVSS 9.9), CVE-2025-20362 (CVSS 6.5)
Downloadable IOCs: 33

Striking Panda Attacks: APT31 Today

APT31, a Chinese cyber espionage group, has been actively targeting the Russian IT sector from 2024 to 2025, particularly companies working as contractors for government agencies. The group uses sophisticated tactics to remain undetected, including leveraging cloud services as command and control i…
malware
cyber espionage
chinese
data exfiltration
cloudsorcerer
grewapacha
cloud services
2025-11-27
localplugx
coffproxy
vtchatter
it sector
onedrivedoor
cloudyloader
auftime
government contractors
yaleak
Published: November 27, 2025
Downloadable IOCs: 6

EastWind campaign: new CloudSorcerer attacks on government organizations in Russia

Kaspersky detected an ongoing targeted cyberattack campaign, dubbed EastWind, targeting Russian government organizations and IT companies. The attackers employed phishing emails with malicious shortcuts to deliver malware that communicated via Dropbox. They utilized tools associated with APT31 and …
rat
phishing
spyware
dll sideloading
cloudsorcerer
2024-08-14
plugy
grewapacha
Published: August 14, 2024
Downloadable IOCs: 5

CloudSorcerer – A new APT targeting Russian government entities

In May 2024, Kaspersky discovered a sophisticated cyberespionage tool called CloudSorcerer, targeting Russian government entities. This malware leverages cloud resources like Microsoft Graph, Yandex Cloud, and Dropbox as command-and-control (C2) servers, accessing them through APIs using authentica…
2024-07-08
github
c programming language
cloudsorcerer
ror14 algorithm
microsoft com object
Published: July 8, 2024
Downloadable IOCs: 1
Click here to see more Attack Reports