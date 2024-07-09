The newly identified CloudSorcerer advanced persistent threat operation has targeted Russian government organizations with attacks that route command-and-control and data theft through legitimate cloud services, SiliconAngle reports.

CloudSorcerer uses GitHub and Mail.ru as the first stage of its command-and-control channel, through which it establishes communications with cloud services including Microsoft Graph, Dropbox, and Yandex Cloud; those services are then used for command execution and data exfiltration, according to an analysis from Kaspersky. While its operations resemble those of the CloudWizard APT discovered last year, Kaspersky researchers said CloudSorcerer is distinguished by modules whose behavior depends on the process the malware is running in. KnowBe4 Security Awareness Advocate Erich Kron said the findings underscore the value of restricting network traffic, outbound as well as inbound. "While the initial C2 communication starting with GitHub is not unusual, it is a lesson in the importance of limiting outbound traffic from networks, as opposed to just inbound traffic. If most of the people within an organization have no need to access a commonly used website for command-and-control traffic such as this, it makes sense to block this traffic," said Kron.
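The egress restriction Kron describes can be expressed as a per-role policy over the cloud services the report names. The following is an added example, not code from the article, from Kaspersky's analysis, or from KnowBe4: it evaluates a policy that says which internal host groups may reach GitHub, Mail.ru, Microsoft Graph, Dropbox, or Yandex Cloud, flags proxy-log entries that violate it, and derives the domain list each group should have blocked at the egress proxy or firewall. The subnets, role names, log format, and the hostnames mapped to each service are assumptions for illustration; the log lines are constructed.

```python
"""Egress-policy check over constructed proxy log lines.

Added example (not from the SiliconAngle/Kaspersky report). The subnets, roles,
hostname-to-service mapping and log format below are assumptions chosen for
illustration; a real deployment would take them from its own inventory.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Services the report names as CloudSorcerer C2 and exfiltration channels,
# keyed by domain suffix. Exact endpoints are assumed, not taken from the page.
C2_ABUSED_SERVICES = {
    "github.com": "GitHub",
    "githubusercontent.com": "GitHub",
    "mail.ru": "Mail.ru",
    "graph.microsoft.com": "Microsoft Graph",
    "dropbox.com": "Dropbox",
    "dropboxapi.com": "Dropbox",
    "cloud-api.yandex.net": "Yandex Cloud",
}

# (source subnet, role, services that role legitimately needs). Most specific
# networks first; the /8 catch-all is "general staff", who need none of them.
EGRESS_POLICY = [
    (ip_network("10.10.0.0/24"), "dev-workstations", frozenset({"GitHub"})),
    (ip_network("10.20.0.0/24"), "m365-admins", frozenset({"Microsoft Graph"})),
    (ip_network("10.0.0.0/8"), "general-staff", frozenset()),
]

# Constructed proxy log: "<epoch> <src_ip> <dst_host:port> <method>".
SAMPLE_LOG = """\
1720483201 10.10.0.15 api.github.com:443 CONNECT
1720483202 10.30.0.7 raw.githubusercontent.com:443 CONNECT
1720483203 10.20.0.4 graph.microsoft.com:443 CONNECT
1720483204 10.30.0.7 cloud-api.yandex.net:443 CONNECT
1720483205 10.30.0.9 intranet.example.internal:443 CONNECT
1720483206 10.10.0.15 content.dropboxapi.com:443 CONNECT
"""


@dataclass(frozen=True)
class Violation:
    src_ip: str
    role: str
    host: str
    service: str


def service_for(host):
    """Map a destination hostname to a named service by domain suffix."""
    host = host.lower().rstrip(".")
    for suffix, service in C2_ABUSED_SERVICES.items():
        if host == suffix or host.endswith("." + suffix):
            return service
    return None  # not one of the services this policy governs


def role_for(src_ip):
    """Return (role, allowed services) for the first matching subnet."""
    ip = ip_address(src_ip)
    for net, role, allowed in EGRESS_POLICY:
        if ip in net:
            return role, allowed
    return "unknown", frozenset()  # default-deny for unrecognised sources


def parse_line(line):
    _ts, src, dst, _method = line.split()
    host = dst.rsplit(":", 1)[0]  # strip the port
    return src, host


def check_egress(log_text):
    """Return every connection to a governed service by a role not allowed it."""
    violations = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, host = parse_line(line)
        service = service_for(host)
        if service is None:
            continue
        role, allowed = role_for(src)
        if service not in allowed:
            violations.append(Violation(src, role, host, service))
    return violations


def denied_domains_for(role):
    """Domain suffixes a role should have blocked at the egress proxy/firewall."""
    allowed = next((a for _, r, a in EGRESS_POLICY if r == role), frozenset())
    return sorted(s for s, svc in C2_ABUSED_SERVICES.items() if svc not in allowed)


if __name__ == "__main__":
    for v in check_egress(SAMPLE_LOG):
        print(f"DENY {v.src_ip} ({v.role}) -> {v.host} [{v.service}]")
    print("general-staff blocklist:", denied_domains_for("general-staff"))
```

Run against the sample log, the check flags the general-staff host reaching GitHub and Yandex Cloud and the developer workstation reaching Dropbox, while the developer's GitHub connection and the admin's Microsoft Graph connection pass. Note that this policy only governs the named services; a full egress allowlist would additionally default-deny destinations it does not recognise, such as the intranet host in the sample, rather than ignore them.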