Cloud Atlas
STATUS: Active
TYPE: Trojan
DISCOVERY: August 2014
TARGETED PLATFORMS: Windows, Android, iOS, Linux
FIRST KNOWN SAMPLE: 2014
NUMBER OF TARGETS: 11-100
TOP TARGETED COUNTRIES:
Russia, Kazakhstan, Belarus, India, The Czech Republic
Special Features:
CloudAtlas represents a rebirth of the RedOctober attacks.
Some of the victims of RedOctober are also targeted by CloudAtlas.
Both Cloud Atlas and RedOctober malware implants rely on a similar construction, with a loader and a final payload that is stored, encrypted and compressed in an external file.
CloudAtlas implants utilize a rather unusual C&C mechanism - all malware samples communicate with accounts from a cloud services provider.
The Microsoft Office exploit doesn’t directly write a Windows PE backdoor to disk. Instead, it writes an encrypted Visual Basic Script and runs it.
TARGETS:
Diplomatic organizations/embassies
Government entities