Russia, Kazakhstan, Belarus, India, The Czech Republic
Social engineering
Exploits
Cyberespionage
Data theft
CloudAtlas represents a rebirth of the RedOctober attacks.
Some of the victims of RedOctober are also targeted by CloudAtlas.
Both Cloud Atlas and RedOctober malware implants rely on a similar construction, with a loader and a final payload that is stored, encrypted and compressed in an external file.
CloudAtlas implants utilize a rather unusual C&C mechanism - all malware samples communicate with accounts from a cloud services provider.
The Microsoft Office exploit doesn’t directly write a Windows PE backdoor on disk. Instead, it writes an encrypted Visual Basic Script and runs it.
Diplomatic organizations/embassies
Government entities
The same threat actor as the one behind the Red October attacks
The blog post and research paper are available at Securelist.com