Researchers at SEQRITE Labs have uncovered “Operation SkyCloak”, a covert cyber espionage campaign targeting Russian and Belarusian military personnel using sophisticated PowerShell-based malware and Tor communication channels. The operation demonstrates a high level of stealth, employing anti-sandbox techniques, self-hosted SSH servers, and custom Tor bridges to maintain persistent access to defense networks.
#OperationSkyCloak #SEQRITE #RussianMilitary #BelarusianDefense #TorCommunications
Key points
- Operation SkyCloak targets military personnel in Russia and Belarus using stealthy infection methods.
- The attackers use weaponized ZIP archives containing disguised shortcut files to start the intrusion chain.
- The malware employs anti-sandbox checks and robust persistence techniques such as scheduled tasks and mutexes.
- Legitimate OpenSSH binaries are deployed inside user profiles to enable encrypted, stealthy remote access through Tor.
- The campaign’s infrastructure includes custom Tor bridges and hidden services to evade detection and monitoring.
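A defender-side detection sketch, added here and not part of the SEQRITE report: it scans constructed Sysmon-style process-creation records for the two behaviours the key points describe, OpenSSH or Tor binaries running from inside a user profile and a scheduled task whose action points into a user profile, and escalates when both are seen for the same account. The record shape, user names, paths and task name are assumptions, not indicators from the report.

```python
import re

# Constructed Sysmon-style process-creation records for illustration; the
# users, paths and task name are assumptions, not indicators from the report.
SAMPLE_EVENTS = [
    {"user": "CORP\\alice", "image": r"C:\Windows\System32\OpenSSH\ssh.exe",
     "cmdline": "ssh.exe git@git.example"},
    {"user": "CORP\\bob", "image": r"C:\Users\bob\AppData\Roaming\svc\sshd.exe",
     "cmdline": "sshd.exe -f sshd_config"},
    {"user": "CORP\\bob", "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks /Create /SC ONLOGON /TN Updater /TR "C:\Users\bob\AppData\Roaming\svc\tor.exe"'},
    {"user": "CORP\\bob", "image": r"C:\Users\bob\AppData\Roaming\svc\tor.exe",
     "cmdline": "tor.exe -f torrc"},
]

# Binaries matching the report's description (OpenSSH components and Tor);
# the exact file names the actor drops are an assumption.
WATCHED = {"ssh.exe", "sshd.exe", "tor.exe"}
PROFILE_RE = re.compile(r"[a-z]:\\users\\[^\\]+\\", re.I)
# Directories where OpenSSH legitimately lives on Windows.
TRUSTED = ("c:\\windows\\system32\\openssh\\", "c:\\program files\\")

TAG_BINARY = "watched-binary-in-user-profile"
TAG_TASK = "scheduled-task-into-user-profile"


def classify(event):
    """Return the detection tags that apply to one process-creation event."""
    image, cmdline = event["image"], event["cmdline"]
    name = image.rsplit("\\", 1)[-1].lower()
    tags = []
    if name in WATCHED and PROFILE_RE.match(image) and not image.lower().startswith(TRUSTED):
        tags.append(TAG_BINARY)
    if name == "schtasks.exe" and "/create" in cmdline.lower() and PROFILE_RE.search(cmdline):
        tags.append(TAG_TASK)
    return tags


def analyze(events):
    """Group tags per user; both behaviours on one account escalate to 'high'."""
    per_user = {}
    for ev in events:
        for tag in classify(ev):
            per_user.setdefault(ev["user"], set()).add(tag)
    return {user: ("high" if {TAG_BINARY, TAG_TASK} <= tags else "medium", sorted(tags))
            for user, tags in per_user.items()}


if __name__ == "__main__":
    for user, (severity, tags) in analyze(SAMPLE_EVENTS).items():
        print(f"{severity:6} {user}: {', '.join(tags)}")
```

A real deployment would feed this from Sysmon Event ID 1 or equivalent EDR telemetry and add the matching network check (outbound connections from the dropped binaries to Tor bridge addresses) as a third signal.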