Security News > 2021 > September > Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years

A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar.

Cisco Talos dubbed the malware attacks "Operation Layover," building on previous research from the Microsoft Security Intelligence team in May 2021 that delved into a "Dynamic campaign targeting the aerospace and travel sectors with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AsyncRAT.".

"The actor [] doesn't seem to be technically sophisticated, using off-the-shelf malware since the beginning of its activities without developing its own malware," researchers Tiago Pereira and Vitor Ventura said.

"The actor also buys the crypters that allow the usage of such malware without being detected, throughout the years it has used several different cryptors, mostly bought on online forums."

Further analysis of the activity associated with different domains used in the attacks show that the actor weaved multiple RATs into their campaigns, with the infrastructure used as command-and-control servers for Cybergate RAT, AsyncRAT, and a batch file that's used as part of a malware chain to download and execute other malware.

"In this case, [] what seemed like a simple campaign is a continuous operation that has been active for three years, targeting an entire industry with off-the-shelf malware disguised with different crypters."

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/kdCs_mO18Ps/malware-attack-on-aviation-sector.html