In late July 2024, targeted cyberattacks struck Russian government organizations and IT firms through phishing emails carrying malicious shortcut files. The malware used Dropbox for command and control and downloaded additional payloads, including tools from APT31 and an updated version of the CloudSorcerer backdoor. Notable findings include the GrewApacha RAT, improvements to CloudSorcerer that use LiveJournal and Quora profiles to locate its C2 servers, and a newly observed implant dubbed PlugY, which resembles tooling from the APT27 group.

From securelist.com (9 min read)
