Cloud Atlas activity in the first half of 2025: what changed
Essential information
- Published: 20/12/2025 00:17
- Modified: 21/12/2025 23:08
- Tags: 2025-12-20 CVE-2018-0802 apt central asia cloud c2 cloudatlas eastern europe phishing powershower vbcloud vbshower
- Related entities: 1 intrusion sets (apt), 13 techniques (mitre), 4 malware, 25 others
Description
The Cloud Atlas APT group continues to target countries in Eastern Europe and Central Asia using phishing emails with malicious attachments exploiting CVE-2018-0802. The infection chain now includes several implants: VBShower, VBCloud, PowerShower, and CloudAtlas. New and updated components are described, including payloads for file exfiltration, credential stealing, and system information gathering. The backdoors use cloud services for command and control. Targets were identified in Russia and Belarus across telecommunications, construction, government, and manufacturing sectors. The group has been active for over 10 years and continues to expand its capabilities.