Aviation industry organizations in Russia and Belarus have been targeted with a new phishing campaign by the Sticky Werewolf threat operation, which initially set its sights on both countries' public entities before widening the scope of its attacks to other sectors, reports Security Affairs.
The intrusions used malicious emails carrying an archive attachment and purporting to come from the first deputy general director of Moscow-based aircraft and spacecraft production firm AO OKB, according to a Morphisec analysis. The attachment contains LNK files impersonating .docx documents along with a decoy PDF document; executing the LNK files eventually results in the injection of commodity remote access trojans and information-stealing malware to facilitate data exfiltration and cyberespionage activities, researchers noted.
"While there is no definitive evidence of Sticky Werewolf’s national origin, the geopolitical context suggests possible links to a pro-Ukrainian cyberespionage group or hacktivists, though this attribution remains uncertain," researchers added.
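For mail-gateway or triage use, the attachment layout described above (shortcut files posing as .docx documents beside a decoy PDF) can be checked by content rather than by file name. The following is an added example, not code from Morphisec or the report; it assumes the archive is a ZIP, and the entry names, the extension list and the function names are constructed for illustration.

```python
import io
import zipfile

# MS-SHLLINK header: HeaderSize 0x0000004C, then LinkCLSID
# 00021401-0000-0000-C000-000000000046 in on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c000000") + bytes.fromhex("0114020000000000c000000000000046")
# Assumption: document extensions a lure is likely to imitate.
DOC_EXTS = (".docx", ".doc", ".pdf", ".xlsx", ".rtf")


def is_lnk(data: bytes) -> bool:
    """True if the bytes start with a Windows shortcut header."""
    return data[:len(LNK_MAGIC)] == LNK_MAGIC


def scan_archive(blob: bytes):
    """Return one finding per shortcut file inside a ZIP attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            name = info.filename.lower()
            by_content = is_lnk(head)
            by_name = name.endswith(".lnk")
            if not (by_content or by_name):
                continue
            # Strip a trailing ".lnk" so "x.docx.lnk" is judged as "x.docx".
            stem = name[:-4] if by_name else name
            findings.append({
                "entry": info.filename,
                "lnk_by_content": by_content,
                "poses_as_document": stem.endswith(DOC_EXTS),
            })
    return findings


def build_sample() -> bytes:
    """Constructed sample: inert header bytes only, not a working shortcut."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invitation.docx.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("agenda.docx", LNK_MAGIC + b"\x00" * 56)  # LNK renamed to .docx
        zf.writestr("decoy.pdf", b"%PDF-1.7\n")
        zf.writestr("notes.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_archive(build_sample()):
        print(finding)
```

Checking the header bytes catches a shortcut even when Windows hides the `.lnk` extension or the file has been renamed, which a name-only filter would miss.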