
MOSCOW, July 8. In May, Kaspersky Lab discovered a new targeted cyber attack, CloudSorcerer, aimed at hacking Russian government agencies, the company reported.
“In May 2024, experts from Kaspersky Lab's Global Research and Threat Analysis Center (GReAT) identified a cyber espionage campaign targeting Russian government organizations. It was called CloudSorcerer. The attackers used a sophisticated tool that accesses cloud services and GitHub as command and control servers,” the company said.
Kaspersky Lab noted that the methods of the CloudSorcerer attackers are similar to those of the CloudWizard campaign, discovered by experts last year. However, the malware code is different. The new attack is therefore most likely the work of another cyber group that used a similar method of interacting with public cloud services.
At the same time, the malware code is “high-quality and without errors,” and the attackers gain access to cloud services, such as Dropbox, through the API using authentication tokens.
The company explained that the attackers first manually deploy the malware on the infected device. Once launched, CloudSorcerer adapts its capabilities based on system settings. The malware then activates various functions, including collecting, copying and deleting data, starting a module that communicates with the command server, and more.
“CloudSorcerer uses ingenious methods of obfuscation (the process of reducing a program's source code to a form that preserves its functionality but makes it difficult to analyze — ed.) and encryption to avoid detection. The malware decodes commands using a hard-coded code table and manipulates Microsoft COM (Component Object Model — ed.) object interfaces to perform attacks,” the company shared, adding that they continue to monitor and analyze the activities of the cyber group.

