NAME: CloudSorcerer

Description: The APT group's earliest attack campaigns date back to May 2024 from an unknown source, and were conducted primarily against Russian amplitude targets, using GitHub as its initial C2 server after the attacks, and later through Microsoft Graph, Yandex Cloud, and Dropbox cloud infrastructures as a C2 in order to conduct stealthy surveillance, data collection.

References: https://securelist.com/cloudsorcerer-new-apt-cloud-actor/113056/