Cloud Atlas APT upgrades its arsenal: Kaspersky research
New tools allow APT to avoid detection through standard Indicators of Compromise
Cloud Atlas, an advanced persistent threat (APT), also known as Inception, has updated its attack arsenal with new tools which allow it to avoid detection through standard Indicators of Compromise (IoC).
This updated infection chain has been spotted in the wild in different organisations in Eastern Europe, Central Asia and Russia.
Cloud Atlas is a threat actor that has a long history of cyber-espionage operations targeting industries, government agencies and other entities. It was first identified in 2014 and has been active ever since. Recently, Kaspersky researchers have seen Cloud Atlas targeting the international economics and aerospace industries as well as governmental and religious organisations in Portugal, Romania, Turkey, Ukraine, Russia, Turkmenistan, Afghanistan and Kyrgyzstan among other countries.
Upon successful infiltration, Cloud Atlas collects information about the system it has gained access to, logs passwords, and exfiltrates recent .txt, .pdf, .xls and .doc files to a command and control server.
While Cloud Atlas has not dramatically changed its tactics since 2018, research into recent waves of attacks has found that it has started to use a novel way of infecting its victims and of conducting lateral movement through their networks.
“It has become good practice in the security community to share the Indicators of Compromise (IoC) of malicious operations we find through research. This practice allows us to respond to ongoing international cyber-espionage operations quite swiftly, preventing any further damage they could cause. However, as we predicted as early as 2016, IoC have become obsolete as a reliable tool to spot a targeted attack in your network,” said Felix Aime, security researcher in the Kaspersky Global Research and Analysis Team.