According to a new report from Russian cybersecurity vendor Kaspersky, a new advanced persistent threat (APT) actor has targeted Russian government entities.
The threat actor has been given the name CloudSorcerer, and Kaspersky stated that it has been observed exfiltrating data through platforms including Dropbox, Microsoft Graph, and Yandex Cloud. In terms of methodology and tradecraft, the threat actor relies on public cloud services for its command-and-control (C&C) infrastructure. According to Kaspersky, the APT executes the CloudSorcerer malware on already compromised machines, which then enables the malware to function as a backdoor. Next, the C&C communication module is initiated, enabling the collection of data about the targeted device. From there, the device can also collect additional personal information and tamper with files.