Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors

Threat actors are leveraging weaponized attachments distributed via phishing emails to deliver malware likely targeting the defense sector in Russia and Belarus. The campaign is designed to deploy a persistent backdoor on compromised hosts that uses OpenSSH in conjunction with a customized Tor hidden service.