All news with #yandex cloud tag

Jewelbug Expands Operations into Russia, Symantec Finds

🔎 Symantec attributes a five‑month intrusion (Jan–May 2025) against a Russian IT service provider to a China‑linked group tracked as Jewelbug, connecting it with clusters CL‑STA‑0049/REF7707 and Earth Alux. Attackers accessed code repositories and build systems and exfiltrated data to Yandex Cloud, creating supply‑chain concerns. The campaign used a renamed cdb.exe to run shellcode, bypass allowlisting, dump credentials, establish persistence, and clear event logs. Symantec also ties Jewelbug to recent intrusions in South America, South Asia, and Taiwan that leverage cloud services, DLL side‑loading, ShadowPad, BYOVD techniques, and novel OneDrive/Graph API C2.