Airline Credential-Theft Takes Off in Widening Campaign

2021-09-16 18:26

A two-year-old espionage campaign against the airline industry is ongoing, with AsyncRAT and other commodity remote-access trojans helping those efforts take flight.

The campaign can effectively be a bird strike to the business engine, so to speak, resulting in data theft, financial fraud or follow-on attacks, researchers said, who have uncovered new details about the perpetrators.

The goal has been to pilfer credentials and cookies, which the attacker can offer to more technically savvy cybercriminals, researchers said.

The attacks, like many malware campaigns, start off with social-engineering emails, according to Pereira and Ventura.

Net, which is being used to host the AsyncRAT payload. Since that server was using TLS to encrypt the C2 communications, the researchers then performed a search for other servers using the same certificate thumbprint - and uncovered eight more domains linked to the campaign, along with more than 50 individual malware samples.

"Many actors can have limited technical knowledge but still be able to operate RATs or information-stealers, posing a significant risk to large corporations given the right conditions," the researchers said.

News URL

https://threatpost.com/airline-credential-theft-campaign/174264/

#airline #credential