Known since 2014, Cloud Atlas targets Eastern Europe and Central Asia. We’re shedding light on a previously undocumented toolset, which the group used heavily in 2024.
Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor (CVE-2018-0802) to download and execute malware code. When opened, the document downloads a malicious template formatted as an RTF file from a remote server controlled by the attackers. It contains a formula editor exploit that downloads and runs an HTML Application (HTA) file hosted on the same C2 server. The RTF and HTA downloads are restricted to certain time slots and victim IP addresses: requests are only allowed from target regions.
Read more…
Source: Kaspersky
Related:
- WhatsApp security flaw lets experts scrape 3.5 billion user numbers
November 21, 2025
WhatsApp users may need to take extra steps to protect their account information following a potentially concerning discovery. A study by researchers at the University of Vienna revealed the app’s contact-discovery system enabled the collection of extensive WhatsApp user data at an unprecedented scale due to insufficient rate-limiting across global endpoints. The researchers were able to ...
- Logitech Confirms Data Breach After Cl0p, Linked to Oracle E-Business Suite Exploits, Takes Responsibility
November 20, 2025
Hardware and software solutions company Logitech has disclosed a data breach that exposed employee, customer, and supplier information. “Logitech International S.A. (“Logitech”) recently experienced a cybersecurity incident relating to the exfiltration of data,” the company stated. Read more… Source: CPO Magazine News Sign up for the Cyber Security Review Newsletter The latest cyber security news and insights delivered right to ...
- Mac users warned about new DigitStealer information stealer
November 19, 2025
This variant comes with advanced detection-evasion techniques and a multi-stage attack chain. Most infostealers go after the same types of data and use similar methods to get it, but DigitStealer is different enough to warrant attention. A few things make it stand out: platform-specific targeting, fileless operation, and anti-analysis techniques. Together, they pose relatively new challenges ...
- Understanding the future of offensive AI in cybersecurity
November 19, 2025
As we step into an era where artificial intelligence (AI) plays an increasingly significant role in cybersecurity, discussions surrounding its offensive capabilities are becoming more prominent. A recent report by Anthropic—a leading AI research lab—has sparked the latest conversation on this topic, with questions raised about their claim that an AI-assisted attack they observed was ...
- Dutch government is relinquishing control of Chinese-owned chipmaker Nexperia
November 19, 2025
The Dutch government said it’s relinquishing control of Chinese-owned chipmaker Nexperia, easing a standoff between China and the Netherlands that threatened supplies of semiconductors vital for global auto manufacturing. Economics Affairs Minister Vincent Karremans said Wednesday that he was suspending an earlier order to take control of Nexperia under a rarely invoked law. Read more… Source: ABC News Sign ...
- Myanmar: Authorities arrest nearly 350 in raids targeting illegal gambling and online scam centres on Thai border
November 19, 2025
On the morning of 18 November, security forces together with departmental teams conducted an operation in the Shwe Kokko area, located to the north of Myawady. First, they cleared three buildings that had been constructed without official permission. During the operation, 346 foreign nationals currently under scrutiny were arrested. Nearly ten thousand mobile phones used in ...