Cloud Atlas threat group updates weaponry with polymorphic malware
Researchers with Kaspersky Lab have uncovered a new attack campaign by the advanced persistent threat (APT) group Cloud Atlas (aka Inception). The attacks rely on polymorphic malware that changes its code for every infection in order to avoid detection by signature-based security solutions.
The campaign targets the “international economics and aerospace industries” in various countries, including Russia. Cloud Atlas has been active since at least 2014 and has targeted Russian organizations before. The researchers state that the polymorphic elements in the latest campaign represent “a novel way of infecting [...] victims and conduct[ing] lateral movement through [a] network.”