Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies

2020-06-17 • ESET •

https://www.welivesecurity.com/2020/06/17/operation-interception-aerospace-military-companies-cyberspies/

#Inception #T1082 #T1140 #T1005 #T1036 #T1027 #T1071 #T1204 #T1053 #T1059 #T1078 #T1220 #T1114 #T1087 #T1018 #T1106 #T1048 #T1070 #T1047 #T1012 #T1110 #T1085 #T1116 #T1050 #T1086 #T1537 #T1117 #T1002 #T1035 #T1194

Thumbnail for Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies

ESET described Operation In(ter)ception, targeted attacks against aerospace and military companies in Europe and the Middle East observed from September to December 2019. The attackers used fake LinkedIn recruiter personas and bogus job offers to deliver password-protected RAR archives containing LNK files, then used remote XSL scripts, renamed Windows utilities, scheduled tasks, custom DLL loaders, a staged downloader, and a modular C++ backdoor. The primary objective was espionage, although one investigated case ended with an attempted business email compromise using a victim’s mailbox. ESET did not make a firm attribution, but noted hints suggesting a possible Lazarus link based on targeting, development environment, and anti-analysis similarities.

Related Reports

2020-07-16 • 38% Match

Mac cryptocurrency trading application rebranded, bundled with malware

ESET

#Cryptocurrency #GMERA #T1082 #T1005 #T1113 #T1083 #T1497 #T1204 #T1539 #T1059 #T1048 #T1043 #T1518 #T1040 #T1159 #T1139 #T1065 #T1116

Shares tags: T1082, T1005, T1204 • Same author: ESET • Published within a month

2020-08-26 • 28% Match

FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks

USCISA

#BeagleBoyz #FASTCash2 #T1082 #T1119 #T1090 #T1140 #T1005 #T1070.004 #T1041 #T1113 #T1020 #T1560 #T1115 #T1083 #T1036 #T1027 #T1071 #T1548.003 #T1204 #T1057 #T1059.005 #T1518.001 #T1566.001 #T1547.001 #T1059.001 #T1053 #T1132.001 #T1102 #T1059 #T1199 #T1105 #T1219 #T1055 #T1553.002 #T1552.004 #T1562.001 #T1486 #T1129 #T1489 #T1078 #T1133 #T1053.003 #T1190 #T1203 #T1189 #T1049 #T1098 #T1087 #T1016 #T1070.006 #T1021.001 #T1574.001 #T1217 #T1106 #T1573 #T1095 #T1056 #T1010 #T1021.002 #T1033 #T1569.002 #T1543.003 #T1485 #T1012 #T1110 #T1561.002 #T1202 #T1070.003 #T1565.001 #T1021 #T1505.003 #T1027.005 #T1056.004 #T1218.001 #T1562.003 #T1014 #T1053.004 #T1101 #T1565.002 #T1565.003 #T1562.006

Shares tags: T1082, T1140, T1005

2017-05-31 • 24% Match

Lazarus Group

MITRE

#G0032 #T1082 #T1090 #T1140 #T1005 #T1041 #T1560 #T1046 #T1083 #T1497 #T1036 #T1027 #T1567 #T1071 #T1124 #T1204 #T1057 #T1053 #T1566 #T1102 #T1059 #T1001 #T1105 #T1055 #T1620 #T1543 #T1489 #T1078 #T1008 #T1571 #T1218 #T1220 #T1588 #T1203 #T1189 #T1049 #T1574 #T1098 #T1087 #T1593 #T1589 #T1016 #T1587 #T1591 #T1585 #T1583 #T1557 #T1547 #T1614 #T1106 #T1573 #T1048 #T1562 #T1608 #T1070 #T1047 #T1074 #T1134 #T1056 #T1529 #T1010 #T1553 #T1033 #T1485 #T1012 #T1110 #T1534 #T1104 #T1202 #T1221 #T1132 #T1021 #T1561 #T1564 #T1584 #T0865 #T1542 #T1491

Shares tags: T1082, T1140, T1005

2020-06-25 • 21% Match

More Kimsuky “AutoUpdate” Malware

Threatconnect

#Kimsuky #AutoUpdate #T1027

Shares tag: T1027 • Published within a month

2020-05-09 • 19% Match

Lazarus group leverages Covid themed HWP Document

dinu135dk

#COVID-19 #Lazarus #T1082 #T1140 #T1115 #T1497 #T1036 #T1027 #T1124 #T1057 #T1105 #T1087 #T1106 #T1047 #T1056 #T1033 #T1032 #T1022 #T1063 #T1138 #T1045

Shares tags: T1082, T1140, T1036

2020-11-16 • 17% Match

Lazarus supply‑chain attack in South Korea

ESET

#BookCodes #SupplyChain #MagicLine4NX #VeraPort #Lazarus #T1584.004 #T1587.001 #T1041 #T1071.001 #T1195.002 #T1036 #T1055 #T1553.002 #T1027.002 #T1573.001 #T1588.003 #T1106 #T1547.005

Shares tags: T1036, T1106 • Same author: ESET

« Back