Common Information
Value CloudSorcerer
Category Actor
Type Threat-Actor
Misp Type Cluster
Description CloudSorcerer is a sophisticated APT targeting Russian government entities that uses legitimate cloud infrastructure for covert monitoring and data exfiltration. The malware reaches cloud resources through their public APIs with authentication tokens and uses them as command-and-control channels, with GitHub serving as its initial C2 server. CloudSorcerer runs from a single executable but behaves as separate modules depending on the process it is running in, and those modules coordinate through complex inter-process communication over Windows pipes. The actor shows similarities to the CloudWizard APT in modus operandi, but the unique code and functionality suggest a new threat actor inspired by earlier techniques rather than the same group.
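The two behaviours the description pairs, modules talking over Windows pipes and C2 over GitHub and cloud APIs, can be turned into a hunting correlation: a process that creates a pipe and shortly afterwards opens a connection to a code-hosting or cloud API host. The following Python is an added example written for this page, not code from the cluster or from Kaspersky's report. It assumes Sysmon-style telemetry (event ID 17 for pipe creation, event ID 3 for network connections) flattened into pipe-separated lines; the host list, the ten-minute window, the pipe names, paths and PIDs are all constructed assumptions, not CloudSorcerer indicators.

```python
"""
Added detection heuristic (not from the cluster page or the underlying report):
flag a process that creates a pipe and shortly afterwards connects to a
code-hosting / cloud API host. Event shape mimics Sysmon ID 17 (pipe created)
and ID 3 (network connection); all sample events below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Hosts treated as cloud-hosted C2 candidates. GitHub is the only service the
# cluster description names; adding other cloud API hosts is an
# environment-specific assumption and must be tuned locally.
C2_CANDIDATE_HOSTS = {"github.com", "api.github.com", "raw.githubusercontent.com"}

PIPE_CREATED = 17   # Sysmon event ID: pipe created
NET_CONNECT = 3     # Sysmon event ID: network connection


@dataclass(frozen=True)
class Event:
    ts: datetime
    event_id: int
    pid: int
    image: str
    detail: str  # pipe name for ID 17, destination hostname for ID 3


def parse_log(text: str) -> List[Event]:
    """Parse '|'-separated lines: timestamp|event_id|pid|image|detail."""
    events = []
    for line in text.strip().splitlines():
        ts, eid, pid, image, detail = line.split("|", 4)
        events.append(Event(datetime.fromisoformat(ts), int(eid), int(pid), image, detail))
    return events


def find_pipe_then_cloud(events: List[Event], window: timedelta = timedelta(minutes=10)
                         ) -> List[Tuple[int, str, str, str]]:
    """Return (pid, image, pipe, host) for every connection to a candidate host
    made by a process that created a pipe within `window` before that connection."""
    pipes_by_pid: Dict[int, List[Event]] = {}
    hits: List[Tuple[int, str, str, str]] = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.event_id == PIPE_CREATED:
            pipes_by_pid.setdefault(ev.pid, []).append(ev)
        elif ev.event_id == NET_CONNECT and ev.detail.lower() in C2_CANDIDATE_HOSTS:
            for p in pipes_by_pid.get(ev.pid, []):
                if timedelta(0) <= ev.ts - p.ts <= window:
                    hits.append((ev.pid, ev.image, p.detail, ev.detail))
    return hits


# Constructed sample telemetry (hypothetical paths, pipe names and PIDs):
#  - pid 4120: pipe then GitHub API 5 s later            -> hit
#  - pid 5000: git client talks to GitHub, no pipe        -> no hit
#  - pid 6000: pipe created an hour before the connection -> outside window
#  - pid 7000: pipe, but connection to a non-candidate    -> no hit
SAMPLE_LOG = r"""
2024-07-01T10:00:00|17|4120|C:\Users\u\AppData\Local\Temp\stage.exe|\\.\pipe\sample-ipc
2024-07-01T10:00:05|3|4120|C:\Users\u\AppData\Local\Temp\stage.exe|api.github.com
2024-07-01T10:01:00|3|5000|C:\Program Files\Git\cmd\git.exe|github.com
2024-07-01T09:00:00|17|6000|C:\Windows\explorer.exe|\\.\pipe\sample-shell
2024-07-01T10:02:00|3|6000|C:\Windows\explorer.exe|api.github.com
2024-07-01T10:03:00|17|7000|C:\Program Files\App\app.exe|\\.\pipe\sample-app
2024-07-01T10:03:30|3|7000|C:\Program Files\App\app.exe|updates.example.internal
"""


def detect_sample() -> List[Tuple[int, str, str, str]]:
    """Run the heuristic over the constructed sample log."""
    return find_pipe_then_cloud(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for pid, image, pipe, host in detect_sample():
        print(f"pid {pid} ({image}): created {pipe}, then connected to {host}")
```

Requiring both the pipe and the cloud connection from the same PID is what keeps this usable: a developer's git client reaching github.com alone does not fire, and neither does an ordinary process that merely creates pipes. It remains a hunting lead rather than an alert, since some legitimate tools do both, so the hits should be reviewed against the image path and signer before escalation.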
Type     Published   Attributes  Title
Website  2024-09-13  36          NSFOCUS (绿盟科技) Threat Intelligence Monthly Report, July 2024 – NSFOCUS Technical Blog
Website  2024-09-13  18          NSFOCUS Weekly Threat Report (2024.07.08-2024.07.14) – NSFOCUS Technical Blog
Website  2024-09-12  4           APT Trends Report for Q2 2024 - 嘶吼 RoarTalk – cybersecurity industry service platform, 4hou.com
Website  2024-08-20  5           Threat Context monthly: Executive intelligence briefing for August 2024
Website  2024-08-16  6           Weekly Cyber Threat Intelligence Summary
Website  2024-08-13  7           Kaspersky report on APT trends in Q2 2024
Website  2024-08-08  38          The EastWind campaign distributes CloudSorcerer and tools of two APTs
Website  2024-06-20  6           APT Trends Report for Q2 2024