Cloud Atlas May Hide Their Tracks but 1,800+ Unpublicized Artifacts Can Help Orgs Tag Them
All advanced persistent threat (APT) groups aim to evade detection so that they can move laterally. Beyond the tactics, techniques, and procedures (TTPs) typically employed in targeted attacks, Cloud Atlas focused on targets in politically charged nations as an additional evasion tactic.
Despite the threat actors’ efforts to hide from investigators, Check Point Research (CPR) still managed to identify 10 indicators of compromise (IoCs) [1], which WhoisXML API researchers expanded further to include 1,850 more artifacts.
Our deep dive into Cloud Atlas revealed:
- Eight additional IP addresses the domains identified as IoCs resolved to
- 300+ additional domains that shared the IoCs’ IP hosts, two of which are malicious
- 1,500+ more domains that contained unique strings found among the domains identified as IoCs, one of which is malicious
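The three expansions listed above are standard passive-DNS pivots: resolve the IoC domains to IP addresses, find other domains co-hosted on those IPs, and search for domains containing strings unique to the IoC domains. The script below is an added example, not WhoisXML API's or Check Point's code, and runs offline over a small constructed passive-DNS data set; every domain, IP and string in it is a placeholder, not a real Cloud Atlas indicator.

```python
"""
Added example (not part of the original post): an offline illustration of
the three pivots the summary lists, run over a constructed passive-DNS set.

All domains, IPs and strings below are constructed placeholders; they are
not the real Cloud Atlas IoCs from the Check Point report.
"""
from collections import defaultdict

# Constructed passive-DNS records: (domain, resolved_ip). Placeholders only.
PASSIVE_DNS = [
    ("seed-one.example", "192.0.2.10"),
    ("seed-one.example", "192.0.2.11"),
    ("seed-two.example", "198.51.100.5"),
    ("neighbor-a.example", "192.0.2.10"),
    ("neighbor-b.example", "198.51.100.5"),
    ("unrelated.example", "203.0.113.9"),
    ("seed-one-mirror.example", "203.0.113.9"),
]

# Constructed "known IoC" seed domains, standing in for published indicators.
SEED_IOCS = {"seed-one.example", "seed-two.example"}

# Constructed substrings an analyst judged unique to the seed domains.
UNIQUE_STRINGS = ["seed-one", "seed-two"]


def resolve_ips(records, seeds):
    """Pivot 1: IP addresses the seed domains resolved to."""
    return sorted({ip for d, ip in records if d in seeds})


def cohosted_domains(records, seeds):
    """Pivot 2: domains sharing an IP host with a seed, seeds excluded."""
    by_ip = defaultdict(set)
    for d, ip in records:
        by_ip[ip].add(d)
    hits = set()
    for ip in resolve_ips(records, seeds):
        hits |= by_ip[ip]
    return sorted(hits - seeds)


def string_matches(records, seeds, strings):
    """Pivot 3: domains containing a seed-unique string, seeds excluded."""
    domains = {d for d, _ in records}
    hits = {d for d in domains if any(s in d for s in strings)}
    return sorted(hits - seeds)


def expand_iocs(records, seeds, strings):
    """Combine the pivots into a watchlist tagged with why each entry was added."""
    watch = {}
    for d in cohosted_domains(records, seeds):
        watch.setdefault(d, set()).add("shared-ip")
    for d in string_matches(records, seeds, strings):
        watch.setdefault(d, set()).add("string-match")
    return {d: sorted(reasons) for d, reasons in watch.items()}


if __name__ == "__main__":
    for domain, reasons in expand_iocs(PASSIVE_DNS, SEED_IOCS, UNIQUE_STRINGS).items():
        print(f"{domain}: {', '.join(reasons)}")
```

The reason tags matter operationally: as the summary's own numbers show (two malicious domains among 300+ co-hosted, one among 1,500+ string matches), a shared IP or a shared string makes a domain a candidate for review or a low-priority watchlist entry, not a confirmed malicious indicator, so each expanded artifact should be vetted before it is pushed to blocking controls.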
Download a sample of the threat research materials now or contact us to access the complete set of research materials.
—
- [1] https://research.checkpoint.com/2022/cloud-atlas-targets-entities-in-russia-and-belarus-amid-the-ongoing-war-in-ukraine/