
Cloud Atlas Strikes Again: Unveiling the Latest Spear-Phishing Attacks on Russian Entities


Dec 25, 2023 06:15 PM Cloudio PK

In a recent report, cyber security firm F.A.C.C.T. has revealed that the notorious threat actor, Cloud Atlas, has launched a series of targeted spear-phishing attacks against Russian institutions. The victims included a Russian agro-industrial complex and a state-owned research company, shedding light on the group's ongoing cyber espionage activities.

Cloud Atlas, also known as Clean Ursa, Inception, Oxygen, and Red October, has been active since at least 2014, with continuous campaigns primarily targeting Russia and neighboring countries. The threat actor gained attention in December 2022 when Check Point and Positive Technologies revealed a multi-stage attack sequence that resulted in a PowerShell-based backdoor called PowerShower.


The attack begins with a phishing message containing a lure document that exploits CVE-2017-11882, a vulnerability in Microsoft Office's Equation Editor. This strategy, employed since October 2018, initiates the delivery of the malicious payloads. Cloud Atlas continues to rely on these simple yet effective spear-phishing methods to compromise its targets.

(Image: Cloud Atlas Strikes Again: Revealing Latest Spear-Phishing Attacks on Russian Enterprises. Image Credit: The Hacker News)

F.A.C.C.T.'s report coincides with findings from Positive Technologies, which describe a kill chain involving the successful exploitation of CVE-2017-11882 via RTF template injection. The phishing emails are cleverly disguised, originating from the popular Russian email services Yandex Mail and VK's Mail.ru.
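As an added illustration of the lure format the kill chain above relies on (example code written for this article, not from the F.A.C.C.T. or Positive Technologies reports), the following Python check flags an RTF file that carries a remote `\*\template` reference or an embedded Equation Editor object, the two traits a defender can look for statically; the sample RTF strings are constructed.

```python
"""Added example (not from the article): a static triage check for the RTF
template-injection pattern, where an .rtf lure carries a remote \\*\\template
reference and/or an embedded Equation Editor OLE object (the component targeted
by CVE-2017-11882). The sample documents below are constructed for the demo."""
import re

# \*\template destination whose argument points at an http(s), file: or UNC location.
TEMPLATE_RE = re.compile(rb"\\\*\\template\s*((?:https?:|file:|\\\\)[^\s{}\\]+)", re.I)
# OLE class name used by Equation Editor 3.0 objects, plus the embedded-data marker.
OBJCLASS_RE = re.compile(rb"\\objclass\s*(Equation\.\d)", re.I)
OBJDATA_RE = re.compile(rb"\\objdata", re.I)


def scan_rtf(data: bytes) -> dict:
    """Return the template/OLE indicators found in an RTF byte string."""
    if not data.lstrip().startswith(b"{\\rtf"):
        return {"is_rtf": False, "remote_templates": [], "equation_objects": 0, "suspicious": False}
    templates = [m.decode("latin-1") for m in TEMPLATE_RE.findall(data)]
    eq_objects = len(OBJCLASS_RE.findall(data))
    has_objdata = bool(OBJDATA_RE.search(data))
    return {
        "is_rtf": True,
        "remote_templates": templates,
        "equation_objects": eq_objects,
        # A remote template alone is enough to flag; an Equation object is flagged
        # only when it actually carries embedded object data.
        "suspicious": bool(templates) or (eq_objects > 0 and has_objdata),
    }


# Constructed sample mimicking the lure layout: remote template plus an Equation.3 object.
SAMPLE_LURE = (b"{\\rtf1\\ansi{\\*\\template http://example.invalid/t.dotm}"
               b"{\\object\\objemb{\\*\\objclass Equation.3}{\\*\\objdata 0105000002000000}}\\par}")
# Constructed benign document with a font table and plain text only.
SAMPLE_CLEAN = b"{\\rtf1\\ansi\\deff0 {\\fonttbl{\\f0 Arial;}} Quarterly report\\par}"

if __name__ == "__main__":
    for name, doc in (("lure", SAMPLE_LURE), ("clean", SAMPLE_CLEAN)):
        print(name, scan_rtf(doc))
```

The check is a triage aid only: a remote template reference or Equation object is a strong indicator for a mail gateway or sandbox to act on, not proof of exploitation.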


Cloud Atlas has maintained a consistent toolkit over the years, avoiding the use of open source implants in order to hinder tracking by security researchers. The group strategically leverages legitimate cloud storage and well-documented software features, particularly in Microsoft Office, to evade network- and file-based detection tools.

As these revelations unfold, the cybersecurity community is grappling with the evolving tactics of sophisticated threat actors. Cloud Atlas, with its meticulous approach to attacks, remains a notable player in the cyber espionage space, highlighting the ongoing challenges in securing organizations against advanced persistent threats.
