Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

US aerospace companies are facing dangerous new cyberattacks

An abstract image of digital security.

Cybersecurity researchers from BlackBerry have uncovered a new cyber-espionage campaign targeting US organizations in the aerospace industry.

The goal of the campaign seems to be data theft and cyber-espionage, although the threat actors’ endgame remains a mystery. The researchers claim the group is most likely brand new, so they named it AeroBlade. 

This group mounted attacks in two stages, the first being more of a reconnaissance move, and the second one being the actual data theft via malware.

Selling the data online

The attack starts with a spear-phishing email, containing a carefully crafted, malicious DOCX file. This file, if opened, downloads a DOTM file from a remote location. If you’re unfamiliar with the DOTM extension, it’s a document template for Microsoft Word. This file can then execute a macro which creates a reverse shell on the target endpoint. This shell will connect with the C2 server and await further instructions.

"Once the victim opens the file and executes it by manually clicking the "Enable Content" lure message, the [redacted].dotm document discretely drops a new file to the system and opens it," BlackBerry said in its report. "The newly downloaded document is readable, leading the victim to believe that the file initially received by email is legitimate."

The first step, which was observed to have taken place in September last year, lists all directories on the compromised endpoint, giving the attackers a map of the kingdom and thus simplifying the search for valuable data. The second stage, which took place in July this year, resulted in data theft.

Aeroblade’s origin, or endgame, remain a mystery. While cyber-espionage campaigns can be highly disruptive, this could also be the work of an entirely independent, profit-oriented threat actor, who will later try to sell the stolen data on the dark web to the highest bidder.

Via BleepingComputer

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.