Quote:A cyberattack campaign that goes after aviation targets has been uncovered, which is spreading remote access trojan (RAT) malware bent on cyber-espionage.
Researchers from Microsoft said this week on Twitter that spear-phishing emails are the main attack vector. Individuals in the aerospace and travel sectors are being targeted with a range of gambits, such as using the ruse of needing transportation-charter help.
“The campaign uses emails that spoof legitimate organizations, with lures relevant to aviation, travel or cargo,” according to Microsoft.
Quote:The bones of this campaign have been observed elsewhere. Morphisec in an earlier analysis last week was the first to break down the loader used in the aviation attacks. It said that it too has seen Snip3 being used to deliver both ASyncRAT or RevengeRAT, “which often come from an open-source RAT platform originally available through the NYANxCAT Github repository.” It didn’t specify the industry targets.
Researchers there, again dovetailing with Microsoft’s observations, also identified a campaign that used Agent Tesla (and another one that used NetWire RAT).
Morphisec described Snip3 as a “highly sophisticated crypter-as-a-service” that’s been used to deliver a wide range of RAT families onto victim machines, starting in February of this year.
Read more: Fresh Loader Targets Aviation Victims with Spy RATs | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png "[-]")
