Security News > 2021 > September > Aviation-themed phishing campaign pushed off-the-shelf RATs into inboxes for 5 years
A phishing campaign that mostly targeted the global aviation industry may be connected to Nigeria, according to Cisco Talos.
The malicious campaigns centred around phishing emails linking to "Off-the-shelf malware" being sent to people around the world - even those with a marginal interest in commercial aviation.
Although Talos couldn't confirm the threat actor behind the campaign was actually based in Nigeria or associated with the Nigerian state, Cisco's infosec arm was able to say with confidence that the campaign had been running for at least three years.
"Analysis of the activity associated with the domain reveals that this actor has used several RATs and that, since August 2018, there are samples communicating with this domain with names that indicate the adversary wanted to target the aviation industry," said Talos.
Another domain Talos associated with the malware campaign was delivering the AsyncRAT trojan.
Cisco Talos concluded: "In this case, we have shown that what seemed like a simple campaign is a continuous operation that has been active for three years, targeting an entire industry with off-the-shelf malware disguised with different crypters."