# Proactive Prevention Revisited: 'Cloud Atlas' and 'Inception Framework' Campaigns

By [Palo Alto Networks](https://www.paloaltonetworks.com/blog/author/palo-alto-networks-staff/?ts=markdown "Posts by Palo Alto Networks")

Dec 18, 2014

In this post we will discuss two recently disclosed cyber espionage campaigns. By strange coincidence, both were independently named after labyrinthian and complicated movies -- '[Cloud Atlas](http://securelist.com/blog/research/68083/cloud-atlas-redoctober-apt-is-back-in-style/)' and '[Inception](https://www.bluecoat.com/security-blog/2014-12-09/blue-coat-exposes-%E2%80%9C-inception-framework%E2%80%9D-very-sophisticated-layered-malware)'. With Inception, the campaign's unique complexity was the actual reason for the naming.

The two campaigns share a few elements. Their initial targets are mainly Russian, and both, to a certain degree, utilized CloudMe AB's cloud service in their command and control communication. However, what we wish to point out is a different common thread, one that in terms of security practice is the most significant. Explaining these campaigns will enable us to highlight Palo Alto Networks Traps Advanced Endpoint Protection and realize the advantages of proactive prevention. Further details of both campaigns can be found in the original reports.

### The campaigns

Cloud Atlas, first described by Kaspersky Lab, is a Red October comeback, going mostly for Russian targets, featuring a classic pattern of successful spear phishing, exploitation and data exfiltration.

The Inception Framework campaign, first disclosed by Blue Coat Systems, targets individuals in strategic positions: executives in important businesses such as oil, finance and engineering, military officers, embassy personnel and government officials. Its preferred attack vector is spear phishing emails containing weaponized documents. Successful exploitation triggers a highly sophisticated and multilayered malware framework.

The campaign actors have managed to create a complex architecture of obfuscation and indirection, along with various control mechanisms put in place between attacker and target. This complexity helps malicious activity to go undetected. It also vividly illustrates and elucidates -- again -- why proactive prevention, rather than reactive detection, is the only effective way to address the current advanced cyber threat landscape.

### The proactive prevention difference

At the opening of this post we referred to a significant common thread between the two campaigns. By that we meant the following: **the high complexity begins only after the malicious payload has been successfully executed**. The direct implication, in terms of security practice, is that the strategic default choice should be to suppress the possibility of such execution -- which is what proactive prevention is all about.

The initial attack vector in both campaigns is vulnerability exploitation: [CVE-2012-0158](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0158) in Cloud Atlas, joined by [CVE-2010-3333](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3333) and [CVE-2014-1761](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1761) in Inception.
Blocking the exploitation of these vulnerabilities would have trimmed these attacks way before any component of the extra sophisticated malicious infrastructure could come to life. The sophistication reflects the attackers' attempt to minimize the possibility of being detected. Thus, by focusing on prevention of the exploit rather than detection of the payload, the table is turned on the attackers' efforts and the malicious activity is tackled at a point where no resistance is anticipated.

Palo Alto Networks Traps is built and designed with this concept in mind, enabling the endpoint to obstruct and nullify attacks at this critical phase, by generically blocking all vulnerability exploitation techniques, for known and zero-day attacks alike -- including the ones utilized in Cloud Atlas and Inception.

Attackers are investing tremendous resources in creating and developing malicious capabilities of undetected residence, lateral movement, and data exfiltration. Proactive prevention means that we refuse to play on their terms. Rather, we take back control, blocking malicious activity way before its intended incarnation.

Perhaps the most important decision, when planning to wage war, is choosing a location that is best for you and worst for your enemy. Obstructing advanced attacks at the exploitation phase accomplishes exactly that.

Learn more about Advanced Endpoint Protection and Traps [here](https://www.paloaltonetworks.com/products/endpoint-security.html).