216.73.216.174

Cloud Atlas: Analysis of Phishing Campaign and VBShower Backdoor

· Published 23/02/2026 10:00 · Modified 23/02/2026 10:19

Export JSON

Essential information

Published
23/02/2026 10:00
Modified
23/02/2026 10:19
Tags
2026-02-23 CVE-2018-0802 alternate data streams apt backdoor microsoft office phishing vbcloud vbshower
Related entities
1 vulnerabilities (cve), 10 observables, 1 intrusion sets (apt), 14 techniques (mitre), 2 malware, 7 others

Description

The article analyzes a campaign by the Cloud Atlas group targeting Russian organizations. It details five successful attacks on the same system over time, using malicious documents to deliver the . The attackers used to hide malicious code and maintained persistence through registry modifications. The analysis covers the evolution of the attack chain, including the use of malware and various command and control servers. Despite prolonged access, no evidence of lateral movement was found. The report concludes that Cloud Atlas continues to be active, using consistent tactics and tools.

External references