Operation SkyCloak: Stealthy Cyber Espionage Targets Military

Researchers at SEQRITE Labs have uncovered Operation SkyCloak, a sophisticated cyber espionage campaign targeting military personnel. The operation uses a multi-stage PowerShell-based intrusion chain for persistent, covert remote access within military and defense networks. SkyCloak stands out due to its unusual targeting pattern, focusing on multiple military units and utilizing Tor-based communication for anonymity. The campaign employs advanced evasion techniques, including anti-sandbox checks and obfuscated PowerShell execution, to maintain stealth.

Latest mentioned: 11-03

Earliest mentioned: 11-01

Sources

securityonline.info gbhackers.com securityonline.info

Also Read

SesameOp Backdoor Uses OpenAI API for C2 Communications

Microsoft researchers discovered SesameOp, a new backdoor malware using the OpenAI Assistants API for command-and-control. The malware, found in July 2025, allowed attackers to maintain long-term persistence for espionage. It used a heavily obfuscated loader and a .NET-based backdoor, leveraging legitimate cloud services to avoid detection. Microsoft and OpenAI collaborated to disable the misused API key and account.

11-04Read more →