Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation Cloud Snooper

An unknown Advanced Persistent Threat targeted servers hosted on Amazon Web Services with a rootkit that evaded detection by using a unique combination of techniques including routing traffic over common and uncommon ports from the infected hosts to the actor's command and control servers. The operation infected both Linux and Windows targets with backdoors and remote access trojans. Various techniques were used including DLL side-loading, encryption, hooking, and obfuscation.
Name Modified Date Sources
Operation Cloud Snooper 2020-03-18