Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload
Source: Securelist
Published:
<p>In 2025, we observed pervasive SSH tunnel activity, which has remained active into 2026, affecting many government organizations and commercial companies in Russia and Belarus. Behind some of this activity is Cloud Atlas, a group we have known since 2014 . During our investigation, we identified