EastWind campaign: new CloudSorcerer attacks on government organizations in Russia

released on 2024-08-14 @ 03:32:30 PM
Kaspersky detected an ongoing targeted cyberattack campaign, dubbed EastWind, targeting Russian government organizations and IT companies. The attackers employed phishing emails with malicious shortcuts to deliver malware that communicated via Dropbox. They utilized tools associated with APT31 and deployed an updated version of the CloudSorcerer backdoor, which now uses LiveJournal and Quora profiles as initial C2 servers. Additionally, a new implant called PlugY, bearing resemblance to the DRBControl backdoor linked to APT27, was employed.