Security News > 2021 > May > Microsoft: Threat actors target aviation orgs with new malware
Microsoft warns of an ongoing spear-phishing campaign targeting aerospace and travel organizations with multiple remote access trojans deployed using a new and stealthy malware loader.
"In the past few months, Microsoft has been tracking a dynamic campaign targeting the aerospace and travel sectors with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AsyncRAT," Microsoft said.
As Microsoft observed while tracking this campaign, the threat actors' end goal is to harvest and exfiltrate data from infected devices using the RATs' remote control, keylogging, and password-stealing capabilities.
The newly discovered loader monetized under a Crypter-as-a-Service model, named Snip3 by Morphisec malware analysts, is used to drop Revenge RAT, AsyncRAT, Agent Tesla, and NetWire RAT payloads on compromised systems.
Organizations can use sample queries shared by Microsoft for advanced hunting using Microsoft 365 Defender to help them locate and investigate similar suspicious behavior related to this ongoing phishing campaign.
Indicators of compromise associated with this spear-phishing campaign including malware sample hashes and RAT command and control domains can be found at the end of Morphisec's Snip3 report.
News URL
Related news
- Top 5 Malware Threats to Prepare Against in 2025 (source)
- New Microsoft script updates Windows media with bootkit malware fixes (source)
- Microsoft says attackers use exposed ASP.NET keys to deploy malware (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Threat actors are using legitimate Microsoft feature to compromise M365 accounts (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)
- Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics (source)