Cybersecurity firm F.A.C.C.T., previously known as Group-IB, reported that the threat actor Cloud Atlas targeted various Russian enterprises with spear-phishing attacks. Cloud Atlas has operated since 2014 and primarily conducts cyber espionage operations against target organizations in Russia, Turkey, Azerbaijan, Belarus, and Slovenia. In this instance, the threat actor singled out Russian agro-industrial employees, as well as a state-owned research company, with emails containing malicious lure documents. The malware exploited CVE-2017-11882 to run shellcode that downloaded and activated an obfuscated HTA file. The malicious HTML applications then launched Visual Basic Script files that identified and executed unknown code from a remote server. Cloud Atlas has used similar versions of this toolkit for years and notably hides its malware from threat researchers by deploying one-time payload requests.
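A defender can hunt for the process ancestry this chain leaves behind. The sketch below is an added example, not code from F.A.C.C.T. or the linked report; it assumes the HTA and VBS stages run under the default Windows hosts (`mshta.exe`, `wscript.exe`/`cscript.exe`), that CVE-2017-11882 executes inside the Office Equation Editor process (`EQNEDT32.EXE`), and it uses constructed process-creation events with hypothetical field names.

```python
import ntpath

EQUATION_EDITOR = "eqnedt32.exe"            # Office component affected by CVE-2017-11882
VBS_HOSTS = {"wscript.exe", "cscript.exe"}  # assumed hosts for the VBS stage

# Constructed sample events (pid, ppid, image); not taken from the report.
SAMPLE_EVENTS = [
    {"pid": 50,  "ppid": 4,   "image": r"C:\Windows\System32\svchost.exe"},
    {"pid": 100, "ppid": 1,   "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"pid": 300, "ppid": 50,  "image": r"C:\Program Files\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\mshta.exe"},
    {"pid": 500, "ppid": 400, "image": r"C:\Windows\System32\wscript.exe"},
    {"pid": 600, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe"},
    {"pid": 700, "ppid": 600, "image": r"C:\Windows\System32\wscript.exe"},
    {"pid": 800, "ppid": 100, "image": r"C:\Windows\System32\notepad.exe"},
]

def _name(path):
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(path or "").lower()

def _ancestors(event, by_pid):
    """Image names of the event's ancestors, nearest parent first."""
    names, seen = [], set()
    parent = by_pid.get(event["ppid"])
    while parent and parent["pid"] not in seen:  # 'seen' guards against pid loops
        seen.add(parent["pid"])
        names.append(_name(parent["image"]))
        parent = by_pid.get(parent["ppid"])
    return names

def find_suspicious_chains(events):
    """Return (rule, pid) pairs for events matching the described chain."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        image, chain = _name(e["image"]), _ancestors(e, by_pid)
        if image != EQUATION_EDITOR and EQUATION_EDITOR in chain:
            # Equation Editor has no legitimate reason to spawn children.
            hits.append(("eqnedt32-descendant", e["pid"]))
        elif image in VBS_HOSTS and chain[:1] == ["mshta.exe"]:
            # An HTA launching a script host, as in the HTA -> VBS stage.
            hits.append(("hta-spawned-script", e["pid"]))
    return hits

if __name__ == "__main__":
    for rule, pid in find_suspicious_chains(SAMPLE_EVENTS):
        print(rule, pid)
```

The pid-keyed lookup assumes pids are unique within the analysed window; on real telemetry, key on a process GUID or on pid plus start time.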
Read More:
https://thehackernews.com/2023/12/cloud-atlas-spear-phishing-attacks.html