EastWind campaign: new CloudSorcerer attacks on government organizations in Russia

Kaspersky detected an ongoing targeted cyberattack campaign, dubbed EastWind, aimed at Russian government organizations and IT companies. The attackers used phishing emails carrying malicious shortcut files to deliver malware that communicated with its operators via Dropbox. They used tools associated with APT31 and deployed an updated version of the CloudSorcerer backdoor, which now uses LiveJournal and Quora profiles as its initial C2 servers. They also deployed a new implant called PlugY, which resembles the DRBControl backdoor linked to APT27.

Author: AlienVault

Related Tags:
PlugY
CloudSorcerer
DLL Sideloading
Russian Federation
spyware
T1018
T1012
T1195
T1022

Associated Indicators:

SHA-256:
668F61DF2958F30C6A0F1356463E14069B3435FB4E8417A948B6738F5F340DD9
5071022AAA19D243C9D659E78FF149FE0398CF7D9319FD33F718D8E46658E41C
E2F87428A855EBC0CDA614C6B97E5E0D65D9DDCD3708FD869C073943ECDDE1C0
0AA627736DF73C543C26C3F033F1962282DD005E6A0EC8D9357DF3511B2FC8A6

SHA-1:
FCCDC059F92F3E08325208F91D4E6C08AE646A78
426BBF43F783292743C9965A7631329D77A51B61
E1CF6334610E0AFC01E5DE689E33190D0C17CCD4
C0E4DBAFFD0B81B5688AE8E58922CDAA97C8DE25
BCE22646F0D7C3ABC616996CD08B706590E724E1