Forwarded from Pegasus NSO & other spyware
CloudSorcerer Malware Targets Russian Government | CyberExpress
#APT #Russia #CloudSourcerer
Researchers from Kaspersky believe that a new APT group is behind the CloudSorcerer malware. The malware is a single Portable Executable (PE) binary written in the C language and adjusts its functionality depending on the process from which it is executed.
The malware's backdoor module begins by collecting system information about the victim machine, while running in a separate thread. This information includes computer name, user name, Windows subversion information, and system uptime.
All the collected data is stored in a specially created structure. Once the information gathering is complete, the data is written to the named pipe \\.\PIPE\[1428] connected to the C2 module process.
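The hand-off over a named pipe between two processes of the same binary is something endpoint telemetry can catch. Below is an added example (not code from the article or from Kaspersky) that flags the pipe name the article reports and correlates who created it with who connected to it, using Sysmon-style Pipe Created (17) and Pipe Connected (18) events. The field names EventID, Image, ProcessId and PipeName, the sample events and process paths, and the bracketed-number heuristic are all assumptions made for the example.

```python
"""Flag suspicious named-pipe activity in Sysmon-style events.

Added example for this page, not code from the article or from Kaspersky.
Assumes the field names EventID, Image, ProcessId and PipeName as exposed by
Sysmon's Pipe Created (17) / Pipe Connected (18) events; the events below
are constructed, not real telemetry.
"""
import re

# Pipe name taken from the article: CloudSorcerer's modules talk over
# \\.\PIPE\[1428]. Sysmon reports the name without the \\.\PIPE prefix.
KNOWN_BAD_PIPES = {r"\[1428]"}

# Heuristic (an assumption, not from the article): a pipe whose name is
# nothing but a bracketed number is unusual for legitimate software.
BRACKETED_NUMBER = re.compile(r"^\\\[\d+\]$")

PIPE_CREATED = 17
PIPE_CONNECTED = 18

# Constructed sample events; paths and PIDs are hypothetical.
SAMPLE_EVENTS = [
    {"EventID": 17, "Image": r"C:\Windows\System32\svchost.exe",
     "PipeName": r"\ntsvcs", "ProcessId": 812},
    {"EventID": 17, "Image": r"C:\Temp\module_a.exe",
     "PipeName": r"\[1428]", "ProcessId": 4412},
    {"EventID": 18, "Image": r"C:\Temp\module_b.exe",
     "PipeName": r"\[1428]", "ProcessId": 5120},
    {"EventID": 17, "Image": r"C:\Temp\other.exe",
     "PipeName": r"\[77]", "ProcessId": 6000},
    {"EventID": 18, "Image": r"C:\Temp\other.exe",
     "PipeName": r"\[77]", "ProcessId": 6000},
    {"EventID": 1, "Image": r"C:\Temp\other.exe",
     "ProcessId": 6000},  # process-create event, ignored here
]


def classify_pipe(name):
    """Return 'known_bad', 'heuristic' or None for one pipe name."""
    if name in KNOWN_BAD_PIPES:
        return "known_bad"
    if BRACKETED_NUMBER.match(name):
        return "heuristic"
    return None


def analyze_pipe_events(events):
    """Return one finding per flagged pipe with creator and connector PIDs.

    Correlating the Pipe Created event with the Pipe Connected events on the
    same name surfaces the two-process layout the article describes: the
    backdoor module writes collected data into the pipe and a different
    process, the C2 module, reads it.
    """
    by_pipe = {}
    for ev in events:
        if ev.get("EventID") not in (PIPE_CREATED, PIPE_CONNECTED):
            continue
        name = ev["PipeName"]
        entry = by_pipe.setdefault(name, {"creators": [], "connectors": []})
        key = "creators" if ev["EventID"] == PIPE_CREATED else "connectors"
        entry[key].append((ev["ProcessId"], ev["Image"]))

    findings = []
    for name, entry in by_pipe.items():
        verdict = classify_pipe(name)
        if verdict is None:
            continue
        creator_pids = {pid for pid, _ in entry["creators"]}
        connector_pids = {pid for pid, _ in entry["connectors"]}
        findings.append({
            "pipe": name,
            "verdict": verdict,
            "creators": sorted(creator_pids),
            "connectors": sorted(connector_pids),
            # True when a process other than the creator connected to the pipe
            "cross_process": bool(connector_pids - creator_pids),
        })
    return findings


if __name__ == "__main__":
    for finding in analyze_pipe_events(SAMPLE_EVENTS):
        print(finding)
```

The exact-name match is the high-confidence signal; the bracketed-number heuristic will need tuning against a baseline of the pipe names normal software on the fleet creates before it is used for alerting.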