Cloud Atlas Strikes Again: Phishing Frenzy Hits Russian Farms with Vintage Exploits
Cloud Atlas is back in action, targeting Russia’s agricultural sector with an old 2023 exploit. Using booby-trapped Word documents, they deliver the VBShower backdoor. This adaptable threat actor has been active since 2014, increasing attacks on Russia and Belarus in 2025. Other groups like GOFFEE and PhantomCore are also in the mix.

Hot Take:
Looks like Cloud Atlas is going back to basics by dusting off some old exploits to mess with Mother Russia’s agricultural sector. I guess if it ain’t broke (or patched), don’t fix it! Clearly, Cloud Atlas is striving to be the “vintage vinyl” of cybercrime, proving that everything old is new again—especially if it can still cause chaos. As they say, one man’s trash is another hacker’s treasure.

Key Points:
- Cloud Atlas is targeting Russia’s agricultural sector using old exploits in a new phishing campaign.
- The group is using CVE-2017-11882 to deliver the VBShower backdoor via booby-trapped Word documents.
- Cloud Atlas has a history of adaptability, increasing attacks on Russia and Belarus since 2025.
- Russian organizations are also facing threats from GOFFEE and PhantomCore using new backdoors like PhantomGoShell.
- PhantomGoShell is suspected to be developed by Russian-speaking members of gaming Discord communities.
