China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services
23.11.2025

APT31 secretly targeted Russian IT from 2022–2025 using cloud services, social media commands, and CloudyLoader malware to steal sensitive data.
APT31's Stealthy Russian IT Campaign Exposed
China-linked APT31 has been running a sophisticated cyber espionage operation targeting Russian IT infrastructure since 2022, using cloud services and social media platforms for command and control.
The advanced persistent threat group deployed CloudyLoader malware through cloud-based infrastructure, allowing them to maintain stealth while exfiltrating sensitive data from Russian targets.

The campaign represents a significant evolution in APT31's tactics, leveraging legitimate cloud platforms to blend in with normal network traffic and avoid detection by traditional security measures.
- Operation timeframe: 2022-2025
- Primary target: Russian IT infrastructure
- Attack vector: cloud services and social media platforms used for command and control
- Malware used: CloudyLoader
- Objective: data exfiltration and cyber espionage
Security researchers note this campaign demonstrates how state-sponsored threat actors are increasingly abusing legitimate cloud infrastructure to conduct long-term intelligence gathering operations with minimal footprint.
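Because the C2 channel described above rides on legitimate cloud and social media platforms, destination reputation alone will not surface it; the behavioural signal that survives is timing. The following is an added example (not code from the article or from any vendor report) that flags periodic contact between a client and a host in proxy logs. The log format, host names and sample lines are constructed for the demonstration.

```python
# Added example (not from the article): behavioural beacon detection over
# proxy logs, since C2 riding legitimate cloud/social-media platforms is not
# caught by destination reputation. Log format and lines are constructed.

from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample lines: "<ISO timestamp> <client> <host> <bytes>".
SAMPLE_LOG = """\
2025-03-01T09:00:00 10.0.0.5 api.example-cloud.test 512
2025-03-01T09:05:01 10.0.0.5 api.example-cloud.test 498
2025-03-01T09:10:00 10.0.0.5 api.example-cloud.test 503
2025-03-01T09:14:59 10.0.0.5 api.example-cloud.test 511
2025-03-01T09:20:02 10.0.0.5 api.example-cloud.test 507
2025-03-01T09:25:00 10.0.0.5 api.example-cloud.test 500
2025-03-01T09:01:10 10.0.0.7 docs.example-cloud.test 20480
2025-03-01T09:02:30 10.0.0.7 docs.example-cloud.test 1200
2025-03-01T09:31:05 10.0.0.7 docs.example-cloud.test 53000
2025-03-01T10:12:40 10.0.0.7 docs.example-cloud.test 800
2025-03-01T10:13:05 10.0.0.7 docs.example-cloud.test 640
"""

def parse_log(text):
    """Yield (timestamp, client, host) from the constructed log format."""
    for line in text.splitlines():
        ts, client, host, _size = line.split()
        yield datetime.fromisoformat(ts), client, host

def find_beacons(text, min_hits=5, max_jitter=0.05):
    """Return regular (client, host) contacts as {key: mean gap in seconds}.
    Jitter is the coefficient of variation of the gaps: a sleep-loop implant
    produces near-equal gaps, human browsing produces bursts and idle time."""
    hits = defaultdict(list)
    for ts, client, host in parse_log(text):
        hits[(client, host)].append(ts)
    flagged = {}
    for key, stamps in hits.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged[key] = round(avg)
    return flagged

print(find_beacons(SAMPLE_LOG))  # -> {('10.0.0.5', 'api.example-cloud.test'): 300}
```

Both clients talk to the same legitimate-looking cloud domain; only the one with a fixed five-minute cadence is flagged, while the bursty, human-paced client is not.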

