Russian Government Targeted By New APT Group, CloudSorcerer


Key Takeaways:

– CloudSorcerer, a newly identified APT group, is reportedly targeting Russian government entities.
– The cyberespionage tool used by this group makes use of Microsoft Graph, Yandex Cloud, and Dropbox cloud infrastructure.
– Securelist, a division of Kaspersky, has detailed this new threat in a recent release.

Researchers at Securelist by Kaspersky have revealed the existence of an advanced persistent threat (APT) group that focuses on Russian government organizations. Named CloudSorcerer, this new group leverages cloud services for concealed surveillance, data harvesting, and information exfiltration.

Covert Operations Behind Cloud Services

The CloudSorcerer APT group relies on well-known cloud services such as Microsoft Graph, Yandex Cloud, and Dropbox. This strategy gives them an edge in remaining undetected while monitoring their targets. Their cyberespionage tool allows them to encrypt and share data, extending the effectiveness of their attacks.

Harnessing established cloud infrastructure not only aids in their stealth operations but also gives this group the capability to maintain persistence. Even if individual servers or platforms are identified and neutralized, data relocation and continuation of the operation can be effortlessly managed by moving to another platform within the cloud.

Evolving Threat Landscape

CloudSorcerer’s approach is indicative of the ever-evolving threat landscape in the world of cybersecurity. The widespread use of cloud services has opened a new channel for threat actors to exploit. This new technique provides them an effective strategy to bypass conventional security measures.

Facing the Threat

Russian government agencies have found themselves in the crosshairs of this new threat. Without comprehensive detection capabilities and measures designed to tackle these advanced threats, entities may find themselves vulnerable to this new style of attack.

With the discovery and detailing of CloudSorcerer by Securelist, organizations across the globe are gaining insight. This knowledge can be instrumental in the development of new defense strategies against such advanced persistent threats.
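One detection approach for the cloud-service channel described above, shown as an added example that is not from the article or from Securelist: flag processes that call the named services' APIs without being an expected client, and highlight callers that touch more than one provider. The API hostnames, the allowlist, the process names, and the log format are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Assumed API hostnames for the services the article names (not from the article).
CLOUD_API = {
    "graph.microsoft.com": "Microsoft Graph",
    "api.dropboxapi.com": "Dropbox",
    "content.dropboxapi.com": "Dropbox",
    "cloud-api.yandex.net": "Yandex Cloud",
}
# Hypothetical per-environment allowlist of processes expected to call each service.
EXPECTED = {
    "Microsoft Graph": {"outlook.exe", "teams.exe", "onedrive.exe"},
    "Dropbox": {"dropbox.exe"},
    "Yandex Cloud": set(),
}
# Constructed sample proxy log: timestamp,host,process,dest_host,bytes_out
SAMPLE_LOG = """\
2024-07-01T09:00:01Z,ws-014,outlook.exe,graph.microsoft.com,1820
2024-07-01T09:00:07Z,ws-014,dropbox.exe,api.dropboxapi.com,960
2024-07-01T09:01:12Z,srv-03,svc_helper.exe,graph.microsoft.com,512
2024-07-01T09:06:12Z,srv-03,svc_helper.exe,graph.microsoft.com,48211
2024-07-01T09:11:40Z,srv-03,svc_helper.exe,api.dropboxapi.com,39044
2024-07-01T09:12:02Z,ws-022,chrome.exe,example.org,300
2024-07-01T09:13:30Z,ws-022,backup_tool.exe,content.dropboxapi.com,7000
"""

def find_suspicious(log_text):
    """Map (host, process) -> services used and bytes sent, for unexpected callers only."""
    hits = defaultdict(lambda: {"services": set(), "bytes_out": 0})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        _ts, host, proc, dest, sent = row
        service = CLOUD_API.get(dest.lower())
        if service is None or proc.lower() in EXPECTED[service]:
            continue  # not a watched API, or a sanctioned client
        entry = hits[(host, proc.lower())]
        entry["services"].add(service)
        entry["bytes_out"] += int(sent)
    return dict(hits)

def multi_provider(hits):
    """Unexpected callers seen on more than one provider (possible platform fallback)."""
    return sorted(key for key, v in hits.items() if len(v["services"]) > 1)

if __name__ == "__main__":
    print(multi_provider(find_suspicious(SAMPLE_LOG)))
```

The allowlist has to be built per environment from observed legitimate clients; a single-provider hit such as a backup tool is a triage item rather than a verdict.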


The unveiling of CloudSorcerer offers another essential insight into the capabilities and tactics of modern threat actors. Recognizing the methods used by such groups is pivotal in the continuous battle for cybersecurity.

With the sophisticated use of cloud resources, these APT groups can remain hidden, perpetuating their campaigns uninterrupted. The evolution of defense strategies to counteract these threats is crucial in maintaining the security of sensitive data and systems.

Securelist’s study offers a much-needed peek into the tactics of such threat groups. We can hope to see this information employed in enhancing the defenses of organizations worldwide—an undeniably significant step in the battle against the increasing cyber threats.

Indeed, the world of cybersecurity remains an ever-evolving landscape—a continuous game of cat and mouse between threat actors and security professionals. With developments such as the unveiling of CloudSorcerer, we’re gaining more insight into how to stay one step ahead in this endless chase.
