Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years
#1
https://thehackernews.com/2021/09/malwar...ector.html        Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years
September 17, 2021 Ravie Lakshmanan        A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar.

Cisco Talos dubbed the malware attacks "Operation Layover," building on previous research from the Microsoft Security Intelligence team in May 2021 that delved into a "dynamic campaign targeting the aerospace and travel sectors with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AsyncRAT."

"The actor […] doesn't seem to be technically sophisticated, using off-the-shelf malware since the beginning of its activities without developing its own malware," researchers Tiago Pereira and Vitor Ventura said. "The actor also buys the crypters that allow the usage of such malware without being detected, throughout the years it has used several different cryptors, mostly bought on online forums."

The threat actor is believed to have been active at least since 2013. The attacks involve emails containing specific lure documents centered around the aviation or cargo industry that purport to be PDF files but link to a VBScript file hosted on Google Drive, which ultimately leads to the delivery of remote access trojans (RATs) like AsyncRAT and njRAT, leaving organizations vulnerable to an array of security risks. Cisco Talos said it found 31 different aviation-themed lures dating all the way back to August 2018.

Further analysis of the activity associated with different domains used in the attacks show that the actor weaved multiple RATs into their campaigns, with the infrastructure used as command-and-control (C2) servers for Cybergate RAT, AsyncRAT, and a batch file that's used as part of a malware chain to download and execute other malware.

"Many actors can have limited technical knowledge but still be able to operate RATs or information-stealers, posing a significant risk to large corporations given the right conditions," the researchers said. "In this case, […] what seemed like a simple campaign is, in fact, a continuous operation that has been active for three years, targeting an entire industry with off-the-shelf malware disguised with different crypters."
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Multiple Airlines Impacted by Data Breach at Aviation IT Firm SITA Bjyda 0 1,348 03-05-2021 , 09:35 PM
Last Post: Bjyda
  SolarWinds hackers targeted NASA, Federal Aviation Administration networks Bjyda 0 1,257 02-24-2021 , 11:44 PM
Last Post: Bjyda
  the number of malware attacks occurring over the last five years reported by AV-Test. mrtrout 0 970 09-24-2020 , 08:44 AM
Last Post: mrtrout
  ISS World “malware attack” leaves employees offline dhruv2193 0 1,441 02-23-2020 , 08:12 AM
Last Post: dhruv2193
  Bag Makers Fully Operational After Malware Attack dhruv2193 0 1,769 01-30-2020 , 10:45 AM
Last Post: dhruv2193

Forum Jump:


Users browsing this thread: 1 Guest(s)