Tuesday, April 29, 2025
HomeCloudCloudGrappler: Open Source Tool that Detects Hacking Activity

CloudGrappler: Open Source Tool that Detects Hacking Activity

Published on

SIEM as a Service

Follow Us on Google News

CloudGrappler is an innovative open-source tool designed to detect the presence of notorious threat actors in cloud environments.

This tool is a beacon of hope for security teams struggling to keep pace with the sophisticated tactics of groups like LUCR-3, also known as Scattered Spider.

CloudGrappler leverages the power of CloudGrep, a tool developed by Cado Security, to offer high-fidelity, single-event detections of activities associated with well-known threat actors in popular cloud platforms such as AWS and Azure.

- Advertisement - Google News

It acts as a cyber detective, sifting through the vast amounts of data in cloud environments to identify suspicious and malicious activities that often go unnoticed.

Key Features of CloudGrappler

  • Threat Actor Querying: CloudGrappler excels in identifying activities demonstrated by some of the most notorious cloud threat actors. It utilizes a subset of activities from Permiso’s extensive library of detections to help organizations pinpoint threats targeting their cloud infrastructure.
  • Single-Event Detections: The tool provides a granular view of potential security incidents, enabling security teams to quickly and easily identify specific anomalies within their AWS and Azure environments.
  • Integration with CloudGrep: By incorporating a set of Tactics, Techniques, and Procedures (TTPs) observed in the modern threat landscape, CloudGrappler enhances its threat detection capabilities.
Document
Integrate ANY.RUN in your company for Effective Malware Analysis

Are you from SOC and DFIR teams? – Join With 400,000 independent Researchers

Malware analysis can be fast and simple. Just let us show you the way to:

  • Interact with malware safely
  • Set up virtual machine in Linux and all Windows OS versions
  • Work in a team
  • Get detailed reports with maximum data
  • If you want to test all these features now with completely free access to the sandbox:


How CloudGrappler Works

CloudGrappler includes several components designed to streamline the threat detection process:

  • Scope Selector: Users can define the scope of their scanning through an integrated data_sources.json file, choosing to scan specific resources or a broader range of cloud infrastructure services.
  • Query Selector: The tool comes with a queries.json file containing predefined TTPs commonly used by threat actors. Users can modify these queries or add custom ones to tailor the scanning process.
  • Report Generator: After scanning, CloudGrappler produces a comprehensive report in JSON format, offering detailed insights into the scan results and enabling security teams to address potential threats swiftly.

It is based on a subset of activity from Permiso’s library of hundreds of detections, and it helps organizations detect threats targeting their cloud infrastructure.

Users have the ability to scan specific resources within their environment
Users can scan specific resources within their environment

Practical Applications

CloudGrappler is not just about detecting suspicious activities. it also provides valuable threat intelligence to help security professionals understand the risks in their environment and develop targeted response strategies.

Threat Activity
Threat Activity

The tool’s output includes information on the threat actor involved, the severity of the detected activity, and a description of the potential implications.

For those interested in enhancing their cloud security posture, CloudGrappler is available on GitHub.

The repository includes detailed instructions on setting up and using the tool, making it accessible to security teams of all sizes.

As cloud environments become increasingly complex and threat actors’ activities more sophisticated, tools like CloudGrappler are essential for maintaining a robust security posture.

CloudGrappler represents a significant step forward in the fight against cybercrime by offering an open-source solution for detecting and analyzing threats in cloud environments.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are incredibly harmful, can wreak havoc, and damage your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

RansomHub Ransomware Deploys Malware to Breach Corporate Networks

The eSentire’s Threat Response Unit (TRU) in early March 2025, a sophisticated cyberattack leveraging...

19 APT Hackers Target Asia-based Company Servers Using Exploited Vulnerabilities and Spear Phishing Email

The NSFOCUS Fuying Laboratory’s global threat hunting system identified 19 sophisticated Advanced Persistent Threat...

FBI Reports ₹1.38 Lakh Crore Loss in 2024, a 33% Surge from 2023

The FBI’s Internet Crime Complaint Center (IC3) has reported a record-breaking loss of $16.6...

Fog Ransomware Reveals Active Directory Exploitation Tools and Scripts

Cybersecurity researchers from The DFIR Report’s Threat Intel Group uncovered an open directory hosted...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

RansomHub Ransomware Deploys Malware to Breach Corporate Networks

The eSentire’s Threat Response Unit (TRU) in early March 2025, a sophisticated cyberattack leveraging...

19 APT Hackers Target Asia-based Company Servers Using Exploited Vulnerabilities and Spear Phishing Email

The NSFOCUS Fuying Laboratory’s global threat hunting system identified 19 sophisticated Advanced Persistent Threat...

FBI Reports ₹1.38 Lakh Crore Loss in 2024, a 33% Surge from 2023

The FBI’s Internet Crime Complaint Center (IC3) has reported a record-breaking loss of $16.6...