
Russian Aerospace Industry Targeted in Cyberespionage Campaign

As part of a series of attacks against aerospace and defence organisations across Russia

The threat operation UNG0901 has been targeting aerospace and defence organisations across Russia with attacks that spread the EAGLET information-stealing backdoor.

According to a Seqrite Labs report covered by The Hacker News, employees at the Russian aircraft production firm Voronezh Aircraft Production Association were targeted with a spear-phishing email that used cargo-themed lures, including a ZIP archive.

The archive contains an LNK file that uses PowerShell to show a fake Microsoft Excel document, which references the U.S.-sanctioned Russian railway container terminal operator Obltransterminal, while at the same time deploying the EAGLET DLL implant. The implant facilitates data exfiltration and the delivery of additional payloads.

Further analysis showed that EAGLET is similar to the Go-based PhantomDL backdoor, not only in its file download or upload capabilities but also in the naming of its phishing attachments.
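For defenders, the delivery chain described above (a ZIP attachment carrying an LNK shortcut that invokes PowerShell) can be triaged at the mail gateway or on a quarantined sample. The following is an added example, not code from Seqrite Labs or the original article: it finds shortcut files inside a ZIP by header magic or extension and reports whether they reference PowerShell. The sample archive, its file names and the size cap are constructed assumptions.

```python
import io
import zipfile

# Shell Link header (MS-SHLLINK): HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
KEYWORDS = ("powershell", "pwsh")  # interpreter named in the report, plus its v7 binary
MAX_READ = 5 * 1024 * 1024         # assumed cap on bytes inspected per archive member

def find_keywords(data):
    """Return keywords present as ASCII or UTF-16LE text, case-insensitively."""
    lowered = data.lower()
    return [k for k in KEYWORDS
            if k.encode("ascii") in lowered or k.encode("utf-16-le") in lowered]

def triage_zip(zip_bytes):
    """List shortcut files inside a ZIP attachment and what they reference."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                data = fh.read(MAX_READ)  # bounded read guards against zip bombs
            has_magic = data.startswith(LNK_MAGIC)
            # Match on content as well as name: a shortcut may carry another extension.
            if not (has_magic or info.filename.lower().endswith(".lnk")):
                continue
            findings.append({
                "name": info.filename,
                "lnk_header": has_magic,  # False: .lnk name without a valid header
                "keywords": find_keywords(data),
            })
    return findings

def build_sample():
    """Constructed sample: a ZIP holding a minimal fake shortcut and a filler file."""
    lnk = LNK_MAGIC.ljust(0x4C, b"\x00") + "powershell.exe".encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample_document.lnk", lnk)
        zf.writestr("readme.txt", b"constructed filler")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
```

A shortcut inside an emailed archive that references a script interpreter is worth blocking or escalating on its own, regardless of which decoy document accompanies it.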


Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
