Kaspersky reports that cyber-spies with suspected ties to China have targeted Russian government agencies and IT providers, using malware to gain access to sensitive systems.
The attackers employ sophisticated phishing tactics, sending RAR attachments containing deceptive documents and malicious files, effectively utilizing cloud services as command-and-control servers.
The GrewApacha trojan is used in these operations, leveraging DLL sideloading and hiding its communication mechanism through obfuscation techniques like Base64 encoding.
Kaspersky indicates that the CloudSorcerer backdoor has been adapted to include C2 servers hosted on Russian-language social networks and platforms, demonstrating evolving attack strategies.
[
Collection
]
[
|
...
]