christophetd
commented
1 month ago The only cloud reference seems to be:
We also found evidence that Spoiled Scorpius used its access to victim systems to delete backups from both on-premises and cloud storage.
https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/