A new cyber-espionage actor is targeting government organizations in the Russian Federation with a sophisticated piece of malware that can adapt its behavior based on its execution environment.
The advanced persistent threat (APT) group, which researchers at Kaspersky are tracking as “CloudSorcerer,” has an operational style akin to that of “CloudWizard,” another APT that the security vendor spotted last year also targeting Russian entities.
Hiding in the Cloud
Like CloudWizard, the new threat group also heavily leverages public cloud services for command and control (C2) and other purposes. It also appears to be going after the same targets. But CloudSorcerer’s eponymously named malware is entirely different from that of CloudWizard, making it more than likely that the former is a new cyber-espionage actor that’s merely using the same tactics as the latter, Kaspersky said in a report this week.
“While there are similarities in modus operandi to the previously reported…