Cisco warns of hacking campaign targeting aviation industry

Tech giant Cisco has detected a targeted phishing campaign against the aviation industry that has been running for two years, potentially organized by cyber threat actors operating out of Nigeria.

The actors have been targeting the aviation industry for two years, while managing other campaigns in parallel. The researchers found that they did not appear to be technically sophisticated as they had been using off-the-shelf malware from the start of their activities without developing their own malware.

The operators have also purchased crypters that allow such malware to be used undetected. Over the years they have used several different crypters, mostly bought from online forums, and have reportedly been active since 2013.

The attacks use emails with decoy documents themed around the aviation or cargo industry that pretend to be PDF files but link to a VBScript file, which ultimately leads to the delivery of remote access trojans (RATs), leaving organizations vulnerable to an array of security risks.

Actors who carry out smaller incidents may continue to do so for a long time under the radar. However, their activities can lead to major incidents in large organizations. These are the operators who feed the underground market for credentials and cookies, which can then be used by larger groups in their activities.

Fady Younes, Director of Cybersecurity, Cisco Middle East and Africa, said, “Many operators may have limited technical knowledge but still be able to exploit RATs or information thieves, which poses a significant risk for large companies under the right conditions. In this case, what appeared to be a simple campaign was actually an ongoing operation that had been active for years – targeting an entire industry with hidden commodity malware with various encryptors.”

Younes added, “While cybersecurity is not an aviation-specific threat, in recent years the sector has been at the forefront of several cyberattacks. It is crucial to be careful with weak links that could lead to wrong conclusions. Weak links should not be discarded – it would be wise to consider them as one more piece of information which, together with other links, can lead to a much stronger relationship between two pieces of information.”
