Cyber Espionage Campaign SkyCloak Targets Military Personnel

Cyber Security News by CyberSum.net

Published on November 3, 2025 at 09:00 AM

4 sources

Researchers at SEQRITE Labs have uncovered a stealthy cyber espionage campaign dubbed 'Operation SkyCloak,' targeting military personnel from multiple countries. The campaign uses a multi-stage PowerShell-based intrusion chain for persistent, covert remote access within military and defense networks. SkyCloak's unusual cross-border focus suggests an escalation in intelligence warfare, with the infection chain beginning with phishing ZIP archives disguised as military documents. The malware employs advanced evasion techniques, including anti-sandbox checks and Tor-based communication channels, to maintain stealthy operations.

Also Read

Kimsuky Group Deploys HttpTroy Backdoor in Spear-Phishing Attack

The Kimsuky threat actor has been linked to a spear-phishing attack using a new backdoor called HttpTroy. The attack involved a ZIP file disguised as a VPN invoice, which initiated a multi-stage infection process. The backdoor allows attackers to control compromised systems, execute commands, and capture screenshots. The malware employs advanced obfuscation techniques to evade detection.

By Cyber Security News by CyberSum.netNovember 3, 2025 at 03:00 PM