Common Information
Type | Value |
---|---|
Value |
CloudSorcerer |
Category | Actor |
Type | Threat-Actor |
Misp Type | Cluster |
Description | CloudSorcerer is a sophisticated APT targeting Russian government entities, utilizing cloud infrastructure for stealth monitoring and data exfiltration. The malware leverages APIs and authentication tokens to access cloud resources for command and control, with GitHub serving as its initial C2 server. CloudSorcerer operates as separate modules depending on the process it's running in, executing from a single executable and utilizing complex inter-process communication through Windows pipes. The actor behind CloudSorcerer shows similarities to the CloudWizard APT in modus operandi, but the unique code and functionality suggest it is a new threat actor inspired by previous techniques. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-09-13 | 36 | 绿盟威胁情报月报-2024年7月 – 绿盟科技技术博客 | ||
Details | Website | 2024-09-13 | 18 | 绿盟科技威胁周报(2024.07.08-2024.07.14) – 绿盟科技技术博客 | ||
Details | Website | 2024-09-12 | 4 | 2024 年第二季度 APT 趋势报告 - 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com | ||
Details | Website | 2024-08-20 | 5 | Threat Context monthly: Executive intelligence briefing for August 2024 | ||
Details | Website | 2024-08-16 | 6 | Weekly Cyber Threat Intelligence Summary | ||
Details | Website | 2024-08-13 | 7 | Kaspersky report on APT trends in Q2 2024 | ||
Details | Website | 2024-08-08 | 38 | Кампания EastWind распространяет CloudSorcerer и инструменты двух APT | ||
Details | Website | 2024-06-20 | 6 | 2024 年第二季度 APT 趋势报告 |