The Cloud Atlas advanced persistent threat (APT) group has updated its weapons portfolio with polymorphic components that produce unique code for each infection.
Cloud Atlas, also known as Inception, was first discovered by researchers in 2014 following attacks in Russia and Kazakhstan. At the time, the APT utilized CVE-2012-0158, an old vulnerability in Microsoft Office that can be exploited to perform remote code execution (RCE) attacks.
The threat actors remain active to the present day and have, once again, been linked to attacks in Russia, as well as Portugal, Romania, Turkey, Ukraine, and other countries.
On Monday, Kaspersky researchers said the spate of recent attacks is focused on "international economics and aerospace industries."
In a blog post, the cybersecurity firm said the group is employing "a novel way of infecting its victims and conducts lateral movement through [a] network."