Cyber-espionage group Cloud Atlas has added polymorphic malware to its arsenal to avoid having its operations detected and monitored with the help of previously collected indicators of compromise (IOCs).
The hacking group also known as Inception [1, 2] was initially identified in 2014 by Kaspersky’s Global Research and Analysis Team researchers, and it has a history of targeting government agencies and entities from a wide range of industries via spear-phishing campaigns.
While the malware and Tactics, Techniques, and Procedures (TTP) Cloud Atlas uses during its operations has remained unchanged since at least 2018, the APT group has now added new polymorphic HTML Application malware dropper in the form of a malicious HTA and a backdoor dubbed VBShower.