APT31 Russian IT sector cloud-services and phishing campaign

Campaign
First reported
Last updated
Happening score (H score): 34
1 unique source, 1 article

Summary

The APT31 campaign targeted the Russian IT sector from 2024 to 2025, using cloud services and phishing to evade detection and sustain espionage. The operation focused on contractors and integrators for government agencies and used legitimate services such as Yandex Cloud and Microsoft OneDrive for command and control and exfiltration. It also relied on CloudyLoader, social-media staging, and weekend or holiday timing to stay hidden for long periods.

Related Happenings

HeartlessSoul phishing and malvertising espionage campaign targeting aerospace firms and drone operators

Campaign
First: 11.05.2026 15:00 Last: 11.05.2026 15:00 Sources 1

About this happening: The **HeartlessSoul** operation is using **phishing** and **malvertising** to target **aerospace firms and drone operators**, raising the risk of **geospatial data theft** from co...

UnsolicitedBooker Central Asian telecom phishing campaign

Campaign
First: 24.02.2026 11:54 Last: 24.02.2026 11:54 Sources 1

About this happening: The **UnsolicitedBooker** cluster shifted its phishing operation to **telecommunications companies in Kyrgyzstan and Tajikistan**, extending a multi-month campaign that matters be...

LongNosedGoblin cyber-espionage campaign targeting government entities in Southeast Asia and Japan

Campaign
First: 18.12.2025 19:34 Last: 18.12.2025 19:34 Sources 1

About this happening: A **LongNosedGoblin** campaign is targeting **governmental entities in Southeast Asia and Japan**, creating a sustained risk of **cyber espionage** and **file exfiltration** insid...

APT24 BadAudio multi-delivery espionage campaign

Campaign
First: 21.11.2025 00:12 Last: 21.11.2025 00:12 Sources 1

About this happening: **APT24** is running a **three-year espionage campaign** with **BadAudio** that has expanded into multiple delivery methods, increasing the operation's reach and stealth. Since **...

UNC1549 Middle East aerospace and defense intrusion campaign

Campaign
First: 18.11.2025 14:54 Last: 18.11.2025 14:54 Sources 1

About this happening: UNC1549 is running a **late 2023 through 2025** intrusion campaign against **aerospace, aviation, and defense** organizations in the **Middle East**, using **third-party relations...

Timeline

  1. 22.11.2025 17:19 2 articles · 6mo ago

    APT31 Russian IT sector cloud-services and phishing campaign

    Initial Disclosure

    The first visible phase used **legitimate cloud services** such as **Yandex Cloud** to blend command-and-control and exfiltration traffic into ordinary activity. The operators also hid encrypted payloads in social media profiles and used **weekend and holiday** timing to reduce detection.