Cyber-Espionage Campaign Targets Russia's Aerospace Defense

Discover the exposed cyber-espionage campaign targeting Russia's aerospace and defense sectors. Learn about the advanced malware and techniques used.

A cyber-espionage campaign, Operation CargoTalon, has been exposed, targeting Russia's aerospace and defense sectors. The campaign, attributed to a threat cluster known as UNG0901, demonstrates a well-structured and persistent threat operation. The campaign was first publicly disclosed on 26 May 2023 by SEQRITE Labs, a part of Quick Heal Technologies.

The campaign specifically targets the Voronezh Aircraft Production Association (VASO). It uses spear-phishing emails with disguised ZIP files containing malicious LNK shortcuts and DLL implants named EAGLET. The EAGLET implant collects system information, creates a hidden directory, and connects to a command-and-control server via HTTP. The malware supports remote shell access, file download, and data exfiltration. The attackers also use malicious TTN (товарно-транспортная накладная, a consignment note for goods transport) documents to initiate the attack. The campaign is similar to others using the EAGLET backdoor, which have been observed targeting the Russian military. It also shows functional parallels with PhantomDL, a Go-based backdoor.
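A mail-gateway triage check for the delivery pattern described above (an archive that carries both an LNK shortcut and a DLL), written as an added example and not taken from the SEQRITE Labs report. The file names, the verdict policy and the sample archive are constructed assumptions; members are judged by magic bytes so a disguised extension does not matter.

```python
import io
import zipfile

# Shell Link (.lnk) header: HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
PE_MAGIC = b"MZ"  # DOS/PE header; a two-byte match is a triage hint, not proof

def triage_attachment(name, data):
    """Classify one attachment by content, ignoring its file name."""
    result = {"name": name, "is_zip": False, "lnk": [], "pe": [], "verdict": "pass"}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result
    result["is_zip"] = True
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                with zf.open(info) as member:
                    head = member.read(len(LNK_MAGIC))
                if head == LNK_MAGIC:
                    result["lnk"].append(info.filename)
                elif head.startswith(PE_MAGIC):
                    result["pe"].append(info.filename)
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
        result["verdict"] = "quarantine"  # encrypted or unreadable archive
        return result
    if result["lnk"] and result["pe"]:
        result["verdict"] = "block"       # shortcut plus executable payload
    elif result["lnk"] or result["pe"]:
        result["verdict"] = "quarantine"
    return result

def build_sample(members):
    """Build a constructed in-memory ZIP from {filename: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for filename, content in members.items():
            zf.writestr(filename, content)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample: placeholder bytes with the right magic, no real payload.
    sample = build_sample({
        "waybill.pdf.lnk": LNK_MAGIC + b"\x00" * 56,
        "waybill.dat": PE_MAGIC + b"\x00" * 62,
    })
    print(triage_attachment("waybill.pdf", sample))
```

The `block` verdict fires only when a shortcut and an executable travel in the same archive; either one alone is held for review instead.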

The campaign was observed in the months leading up to its public disclosure, with the full report including technical details, indicators, and recommendations available on the SEQRITE Labs blog. The campaign targeted logistics and transportation companies in the Middle East, using fake Microsoft Word documents with macros to install a custom backdoor called CargoTor.

Operation CargoTalon, a sophisticated cyber-espionage campaign, has been exposed. It targets Russia's aerospace and defense sectors, with a specific focus on VASO. The campaign uses advanced malware and spear-phishing techniques to gain unauthorized access and exfiltrate data. The full report, published by SEQRITE Labs, provides detailed information to help organizations protect against similar threats.
