Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation FlowCloud

The TA410 threat group targeted the United States utilities sector with the FlowCloud malicious software to exfiltrate sensitive information, including keystrokes, screen captures, and files, to custom command and control servers. During the operation the actor used various domains, including custom domains and web services such as Dropbox, to host the malicious software and upload the stolen data. The initial infection vector consisted of spear-phishing emails whose subject lines and .exe or .doc attachments appeared to come from legitimate companies.

| Name | Modified Date | Sources |
| --- | --- | --- |
| Operation FlowCloud | 2020-06-19 | |