Microsoft: Threat actors target aviation orgs with new malware
2021-05-12 16:49

Microsoft warns of an ongoing spear-phishing campaign targeting aerospace and travel organizations with multiple remote access trojans deployed using a new and stealthy malware loader.

"In the past few months, Microsoft has been tracking a dynamic campaign targeting the aerospace and travel sectors with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AsyncRAT," Microsoft said.

As Microsoft observed while tracking this campaign, the threat actors' end goal is to harvest and exfiltrate data from infected devices using the RATs' remote control, keylogging, and password-stealing capabilities.

The newly discovered loader, named Snip3 by Morphisec malware analysts and monetized under a Crypter-as-a-Service model, is used to drop Revenge RAT, AsyncRAT, Agent Tesla, and NetWire RAT payloads on compromised systems.

Organizations can use sample queries shared by Microsoft for advanced hunting using Microsoft 365 Defender to help them locate and investigate similar suspicious behavior related to this ongoing phishing campaign.

Indicators of compromise associated with this spear-phishing campaign, including malware sample hashes and RAT command and control domains, can be found at the end of Morphisec's Snip3 report.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-threat-actors-target-aviation-orgs-with-new-malware/