Tech giant Cisco has detected a targeted phishing campaign that has been aimed at the aviation industry for two years and was potentially organised by cyber threat actors operating out of Nigeria.
The actors have been targeting the aviation industry for the last two years while running other campaigns at the same time. Researchers found that they do not appear to be technically sophisticated: they have used off-the-shelf malware since the beginning of their activities and have not developed their own.
The operators also bought crypters that allow such malware to be used without being detected. Over the years they have used several different crypters, mostly bought on online forums. They are believed to have been active since 2013.
The cyberattacks involve emails containing specific lure documents centered around the aviation or cargo industry that purport to be PDF files but link to a VBScript file, which ultimately leads to the delivery of remote access trojans (RATs), leaving organisations vulnerable to an array of security risks.
Actors that carry out smaller incidents can keep doing so for a long time under the radar. However, their activities can lead to major incidents at large organisations. These are the operators that feed the underground market for credentials and cookies, which larger groups can then use in their activities.
Fady Younes, Cybersecurity Director, Cisco Middle East and Africa, said: “Many operators can have limited technical knowledge but still be able to operate RATs or information-stealers – posing a significant risk to large corporations given the right conditions. In this case, what appeared to be a simple campaign was, in fact, a continuous operation that has been active for years – targeting a whole industry with commodity malware hidden with different crypters.”
Younes added: “Even though cybersecurity is not a threat specific to aviation, in the last few years the sector has been at the forefront of several cyberattacks. It is crucial to be careful with weak links that could lead to flawed conclusions. The weak links shouldn’t be discarded — it would be wise to view them as one more piece of information that, together with other links, can yield to a much stronger relationship between two pieces of information.”