19 September 21, 07:41
Quote: A two-year-old espionage campaign against the airline industry is ongoing, with AsyncRAT and other commodity remote-access trojans (RATs) helping those efforts take flight. The campaign can effectively be a bird strike to the business engine, so to speak, resulting in data theft, financial fraud or follow-on attacks, said researchers, who have uncovered new details about the perpetrators.
According to Tiago Pereira and Vitor Ventura at Cisco Talos, “Operation Layover” is likely the work of an unsophisticated threat actor based in Nigeria, which has been active on the cybercrime scene for at least six years in various campaigns against multiple sectors.
“[The attacker] doesn’t seem to be technically sophisticated, using off-the-shelf malware since the beginning of its activities without developing its own malware,” the researchers noted in a Thursday posting. “The actor also buys the crypters that allow the usage of such malware without being detected, [and] throughout the years it has used several different cryptors, mostly bought on online forums… This shows that a small operation can run for years under the radar, while still causing serious problems for its targets.”
Read more: Airline Credential-Theft Takes Off in Widening Campaign | Threatpost