cloud-atlas-cyberthreat

Introduction:

In the ever-evolving landscape of cybersecurity, vigilance against emerging threats is paramount. This examination reviews the recent activities of the Cloud Atlas group, describes their methods, and sets out the countermeasures needed to strengthen our cyber defences.

Malware overview:

The Cloud Atlas group's persistence is underscored by their use of one-time payload requests, which present analysts with a moving target. Their recursive directory search, combined with varied search techniques across connected disks, shows a careful approach to data collection. Examination of their code reveals a communication scheme that mirrors the COM object table method, notably using the PUT method for data transfer.

Upgrade and new threat vector:

Recent developments reveal a strategic shift for Cloud Atlas. Control servers now handle only the loading of remote templates, introducing a new threat vector. A notable camouflage attempt blends a control server with a legitimate site, a refinement intended to evade detection. The group registered its domains through an anonymous registrar that accepts Bitcoin, preserving its anonymity.
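Remote-template loading works through an external attachedTemplate relationship inside the document package, so defenders can triage suspicious Office files by checking for it. The following Python script is an added example, not code from the original post or from the cited research; the minimal document it builds is constructed for the demo and the URL in it is a placeholder.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# OOXML namespaces and the part that carries the template relationship.
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                     "relationships/attachedTemplate")
SETTINGS_RELS = "word/_rels/settings.xml.rels"


def find_remote_templates(docx_bytes):
    """Return external attachedTemplate targets found in a .docx package.

    A legitimate local template uses TargetMode="Internal" (or omits it);
    a remote template points at an external URL, which is the pattern to flag.
    """
    targets = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if SETTINGS_RELS not in zf.namelist():
            return targets  # no settings relationships: nothing to check
        root = ET.fromstring(zf.read(SETTINGS_RELS))
        for rel in root.iter("{%s}Relationship" % REL_NS):
            if (rel.get("Type") == ATTACHED_TEMPLATE
                    and rel.get("TargetMode", "Internal") == "External"):
                targets.append(rel.get("Target", ""))
    return targets


def build_docx(template_url=None):
    """Constructed minimal .docx-like zip for the demo (not a real lure file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        rels = '<Relationships xmlns="%s">' % REL_NS
        if template_url:
            rels += ('<Relationship Id="rId1" Type="%s" Target="%s" '
                     'TargetMode="External"/>' % (ATTACHED_TEMPLATE, template_url))
        rels += "</Relationships>"
        zf.writestr(SETTINGS_RELS, rels)
    return buf.getvalue()


if __name__ == "__main__":
    # Placeholder URL; a real triage run would feed in files from mail quarantine.
    print(find_remote_templates(build_docx("https://template.example.invalid/t.dotm")))
    print(find_remote_templates(build_docx()))
```

Any non-empty result is worth correlating against known network indicators and the document's delivery path before the file is released to a user.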

Indicators of Compromise (IOCs):

Understanding an adversary requires accurate Indicators of Compromise (IOCs). Cloud Atlas leaves a distinct digital footprint, including file hashes, email addresses, and network indicators:

File indicators (SHA-256 - lure document name):

f2c4281e4d6c11173493b759adfb0eb798ce46650076e7633cf086b6d59fdb98 - Guidelines for consignors-consignees (2022).doc
482aeb3db436e8d531b2746a513fe9a96407cf4458405680a49605e136858ec5 - Stay_alert_Corporate_Notice.doc
2f97374c76ae10c642a57a8b13d25cbdc070c9098c951ea418d1533ac01dc23c - Iranian assessments of V. Putin's visit to Tehran.doc

Email addresses:

ano.spectr@yandex.ru
ancentr@lenta.ru

Network indicators:


Conclusion:

As the Cloud Atlas group persists in its operations, defence strategies must keep evolving with it. By combining technical depth with proactive defences, we collectively strengthen our security posture. The insights gleaned from encounters like these help us secure our digital environment and, in turn, cyberspace for all.

