CloudSorcerer

APT Group | Motivation: Information theft and espionage | ETDA ✓

Also Known As

No alias recorded

Target Countries (2)

Russian Federation
United States

Details

Origin 🇷🇺 RU
Last Updated 02 Jan 2026

MITRE ATT&CK (42 techniques)

T1003 - OS Credential Dumping
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1018 - Remote System Discovery
T1021.001 - Remote Desktop Protocol
T1021.002 - SMB/Windows Admin Shares
T1022 - Data Encrypted
T1027 - Obfuscated Files or Information
T1027.002 - Software Packing
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task
T1055 - Process Injection
T1056 - Input Capture
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1069 - Permission Groups Discovery
T1070.004 - File Deletion
T1071.001 - Web Protocols
T1071.004 - DNS
T1078 - Valid Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087 - Account Discovery
T1087.001 - Local Account
T1087.002 - Domain Account
T1090 - Proxy
T1105 - Ingress Tool Transfer
T1135 - Network Share Discovery
T1136 - Create Account
T1190 - Exploit Public-Facing Application
T1195 - Supply Chain Compromise
T1213 - Data from Information Repositories
T1482 - Domain Trust Discovery
T1547 - Boot or Logon Autostart Execution
T1566.001 - Spearphishing Attachment
T1567 - Exfiltration Over Web Service
T1570 - Lateral Tool Transfer
T1573.001 - Symmetric Cryptography
T1574.002 - DLL Side-Loading

Related Zero-Days

No zero-day CVE linked to this actor