Operation In(ter)ception: Malware Campaign Targeted Aerospace And Defense Sectors


A sophisticated cyberespionage campaign has recently targeted the aerospace and defense sectors. Dubbed Operation In(ter)ception, the campaign involves highly stealthy and sophisticated malware, and the attackers exploited the LinkedIn platform to prey on the victims.

Operation In(ter)ception Aimed At High-Profile Victims

Researchers from ESET have uncovered Operation In(ter)ception – a malware campaign aimed at high-profile targets. The researchers have shared a detailed white paper elaborating on their findings.

In brief, the campaign targeted victims with the malware Inception.dll, which possessed stealth properties. The attackers used this malware for cyberespionage against the aerospace and defense sectors, luring personnel with job offers.

The threat actors posed on LinkedIn as HR managers of fake aerospace and defense companies. These fake profiles sent messages offering jobs to employees of the target firms.

At first the conversation looked normal, but the attackers would gradually trick the victims via email communication. They would then send the victims malicious files disguised as job-related documents.

As stated by the researchers,

To send the malicious files, the attackers either used LinkedIn directly or a combination of email and OneDrive. For the latter option, the attackers used fake email accounts corresponding with their fake LinkedIn personas, and included OneDrive links hosting the files.

Once the victim opened the file(s), the malware would execute in the background and then steal information from the target devices.

In one of the cases, however, the researchers also observed the attackers attempting to monetize their attack. Through a BEC (Business Email Compromise), they took over an employee account and sent fake emails to a customer asking for payment of an overdue invoice.

Possible Link With Lazarus Group

Revealing the details in a blog post, the researchers stated that the campaign caught their attention in late 2019. They noticed the attacks targeting military and aerospace firms in Europe and the Middle East during September and December 2019.

However, since the malware was new, they couldn’t trace the attackers behind the campaign. Nonetheless, considering the similarities in the way the campaign was executed, the researchers suspect the Lazarus Group is behind it.

Let us know your thoughts in the comments.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
