icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm

Operation In(ter)ception: Hackers are targeting European aerospace and military companies, tech security experts warn

Operation In(ter)ception: Hackers are targeting European aerospace and military companies, tech security experts warn
Cybersecurity experts have uncovered highly targeted malware attacks against aerospace and military companies in Europe and the Middle East, highlighting how effective spear phishing can be when targeting individuals.

The spear-phishing attacks, which the Slovakian internet security company ESET has dubbed Operation In(ter)ception, involved the attackers directly contacting executives on LinkedIn.

Spear phishing is the practice of sending emails from a known or trusted sender in order to induce the targeted victim to reveal confidential information.

The In(ter)ception attacks – which take their name from a related malware sample named “Inception.dll” – were found to have taken place from September to December 2019, with the aim of stealing both information and money from military and aerospace executives.

Also on rt.com Hackers steal personal data of 9 million EasyJet customers in ‘highly sophisticated’ cyber attack

Initially, hackers would pose as recruiters from well-known existing companies in the aerospace and defense industry and offer lucrative jobs to their victims. The LinkedIn or email conversation would begin as a friendly overture, but the attackers would quickly increase the pace of questions to the target, pressuring them to answer and reveal key information, such as what system the executive was using.

The hackers would then sneak malicious files disguised as documents relevant to the ‘job’ with the expectation that the victim would download them. For example, the attacker would send a PDF containing salary information for the reputed job positions. This decoy, once downloaded, would actually execute a command prompt on the target’s computer, which would set off a chain reaction allowing the hackers to secure a foothold on the machine from which to spy.

Also on rt.com NSA urges email providers to update software warning that ‘Russian military hackers’ already gained ‘dream access’ to them

According to the report, “the primary goal of the operation was espionage,” yet in one instance, the hackers attempted to monetize access to a victim's account through a BEC (business email compromise) attack. The report suggests that this final play would signal the end of the attack.

ESET admits that there was not enough evidence to pin the attacks on a known threat actor. However, there were several hints suggesting a possible link to Lazarus Group – the collective behind the infamous 2014 Sony Pictures hack, and known for targeting defense companies and using fake LinkedIn accounts.

While still inconclusive, the Sony Pictures hack was thought to be in retaliation for the company’s role in the production of “The Interview,” a comedy that satirizes the leader of North Korea and depicts him being assassinated.

Also on rt.com ‘Wanna kill Kim?’ N. Korea isn’t denying hack in revenge for Sony comedy

The Sony attack was “far more destructive than any seen before on American soil,” and led to the cancellation of the film's intended release.

Think your friends would be interested? Share this story!

Dear readers and commenters,

We have implemented a new engine for our comment section. We hope the transition goes smoothly for all of you. Unfortunately, the comments made before the change have been lost due to a technical problem. We are working on restoring them, and hoping to see you fill up the comment section with new ones. You should still be able to log in to comment using your social-media profiles, but if you signed up under an RT profile before, you are invited to create a new profile with the new commenting system.

Sorry for the inconvenience, and looking forward to your future comments,

RT Team.