Fresh Loader Targets Aviation Victims with Spy RATs
2021-05-13 14:55

A cyberattack campaign targeting the aviation sector has been uncovered. It spreads remote access trojan (RAT) malware bent on cyber-espionage.

Once installed, the RATs connect to a command-and-control server that's hosted on a dynamic hosting site to register with the attackers.

Roger Grimes, data-driven defense evangelist at KnowBe4, said that the campaign shows a new trend in malware gang activity: specializing in attacking certain vertical sectors beyond financial and government targets.

"Many gangs have become more specialized, targeting a specific industry that they have especially good experience and success in. To increase the chances of getting a potential victim to execute malware, the attacker has to make the social-engineering and phishing attack seem as close to an internal or partner communication as possible. Specializing in a particular industry helps to do this."

"All-in-all, any time you see a particular industry specifically targeted by a piece of malware or a particular malware gang, it isn't good. It means they are targeting the industry for a reason and become comfortable with compromising targets within that industry. In this case, it's aerospace and travel, and that is not good on a bunch of levels."

Morphisec, in an earlier analysis last week, was the first to break down the loader used in the aviation attacks.


News URL

https://threatpost.com/loader-aviation-spy-rats/166133/