Technadu
Cloud Atlas APT Targets Russia and Belarus with New Tools and Techniques
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Cloud Atlas, an advanced persistent threat group, has intensified its cyberespionage activities against government and commercial entities in Russia and Belarus since late 2025. The group employs phishing emails containing ZIP archives with malicious LNK files to initiate attacks, exploiting CVE-2018-0802 to execute malicious PowerShell scripts. Recent investigations revealed the introduction of a new tool called PowerCloud, which collects user data and sends it to Google Sheets. Established tools like the VBCloud dropper and PowerShower backdoor are also utilized for persistence and reconnaissance. The attackers have been observed using SSH tunnels and other utilities to maintain control over compromised systems. The ongoing campaigns have primarily targeted government agencies and diplomatic entities, raising significant concerns about national security. As of May 2026, these activities are still active and evolving.
Key Points: • Cloud Atlas targets government and commercial sectors in Russia and Belarus. • Phishing emails with malicious LNK files are the primary attack vector. • New tool PowerCloud collects user data and sends it to Google Sheets.