From d8e7fbaa799f5754675fc65ca4aa7ad07d1d3166 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Mon, 8 Jul 2024 02:28:35 -0700
Subject: [PATCH] [threat-actors] Add CloudSorcerer

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index de5e1c9..0f12c5a 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16326,6 +16326,16 @@
 },
 "uuid": "99ad0cef-c53a-44d5-85d4-5459e59a06d5",
 "value": "Boolka"
+ },
+ {
+ "description": "CloudSorcerer is a sophisticated APT targeting Russian government entities, utilizing cloud infrastructure for stealth monitoring and data exfiltration. The malware leverages APIs and authentication tokens to access cloud resources for command and control, with GitHub serving as its initial C2 server. CloudSorcerer operates as separate modules depending on the process it's running in, executing from a single executable and utilizing complex inter-process communication through Windows pipes. The actor behind CloudSorcerer shows similarities to the CloudWizard APT in modus operandi, but the unique code and functionality suggest it is a new threat actor inspired by previous techniques.",
+ "meta": {
+ "refs": [
+ "https://securelist.com/cloudsorcerer-new-apt-cloud-actor/113056/"
+ ]
+ },
+ "uuid": "895548a2-e5c7-4a76-8425-19aa077db200",
+ "value": "CloudSorcerer"
 }
 ],
 "version": 312
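Review bot: The trailing `"version": 312` line is left as unchanged context, so the cluster file gains a new entry without its version being incremented; MISP galaxy consumers use that counter to detect updated clusters, so the addition should be paired with `"version": 313` (or whatever the next value is at merge time) in the same commit. The new entry's description states an operational similarity to the CloudWizard APT but records it only as prose; if this cluster already holds a CloudWizard entry, a `"related": [{"dest-uuid": "<CLOUDWIZARD-UUID-PLACEHOLDER>", "type": "similar"}]` array on the new entry would make that link machine-readable rather than text-only. The description also reads as a single-source summary of the one reference in `refs`; it would be worth adding a short `"meta"` note or second reference if the attribution is independently confirmed, otherwise the entry should be read as vendor-reported.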