Cybersecurity firm BlackBerry discovered that a previously unknown threat actor conducted a cyber espionage campaign against a US aerospace organization in September 2022 and July 2023. The early stage appeared to be a ‘testing phase’, while the later phase included updated tools.

• Both stages used the same lure documents and IP addresses for the command-and-control server. They both presented the lure document to targets through a spear-phishing email and both delivered a reverse shell as the final payload. The second stage was stealthier and utilized improved evasion techniques.
• BlackBerry discerned that the target of the operation was a US aerospace organization based on the content of the lure message. The toolkit presented in the attacks indicates the unknown threat actor has been active for at least a year. BlackBerry assessed with high confidence that the purpose of the operation was commercial espionage, likely evaluating targets for future ransom demands.

Read More:

https://www.securityweek.com/new-threat-actor-aeroblade-targeted-us-aerospace-firm-in-espionage-campaign/