Key Findings: Between 2024 and 2025, the China-linked advanced persistent threat (APT) group APT31 conducted targeted cyber attacks on the Russian IT sector, particularly companies working as contractors and integrators for government agencies. The attacks were characterized by the use of legitimate cloud services, mainly ones prevalent in Russia such as Yandex Cloud, for command-and-control (C2) and data exfiltration, in an attempt to blend in with normal traffic and evade detection