China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services
24.11.2025
APT31 secretly targeted Russian IT from 2022–2025 using cloud services, social media commands, and CloudyLoader malware to steal sensitive data.
APT31's Cloud-Powered Espionage Campaign Against Russia
China-linked APT31 has been running a stealthy cyber espionage operation targeting Russian IT infrastructure from 2022 through 2025, leveraging cloud services and social media platforms for command and control while deploying CloudyLoader malware to exfiltrate sensitive data.

The advanced persistent threat group operated undetected for three years, using legitimate cloud infrastructure to mask their activities and social media platforms to issue commands to compromised systems.
Their CloudyLoader malware enabled persistent access and data theft from Russian IT networks, demonstrating how state-sponsored actors are increasingly weaponizing everyday cloud services and social platforms for sophisticated cyber operations.
- Operation Duration: 2022–2025
- Target: Russian IT Infrastructure
- Primary Tactic: Cloud Service Abuse
- Command & Control: Social Media Platforms
- Malware: CloudyLoader
- Objective: Data Exfiltration
- Attribution: China-Linked APT31
Tags: malware, state-sponsored cyber attacks, cyber espionage, cloud security