Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors

Operation SkyCloak is a cyberattack campaign that uses phishing emails carrying weaponized military documents to deliver a backdoor, which abuses OpenSSH and Tor for persistent access and likely targets defense sectors in Russia and Belarus. The malware employs obfs4 for traffic obfuscation and runs anti-analysis checks to evade detection before establishing remote access via concealed Tor services.

Edward Kiledjian @ekiledjian