
Operation Cargotalon: Targeting Russian Aerospace Defense Using Eaglet Implant

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

UNG0901, a threat group targeting Russian aerospace and defense sectors, has been discovered conducting a spear-phishing campaign against the Voronezh Aircraft Production Association. The operation, dubbed 'CargoTalon', utilizes a custom DLL implant called EAGLET, which is disguised as a ZIP file containing transport documents. The infection chain involves a malicious LNK file that executes the EAGLET implant, which then establishes communication with a command-and-control server for remote access and data exfiltration. The campaign employs sophisticated tactics, including decoy documents related to Russian logistics operations, and shows similarities with another threat group known as Head Mare. The attackers' motivation appears to be espionage against Russian governmental and non-governmental entities.

OPENCTI LABELS:

espionage, russia, spear-phishing, defense, aerospace, dll implant, logistics, eaglet, head mare


Open this report in the NetmanageIT OpenCTI public instance using the link below.

NOTE: Log in with the public read-only username and password shown on the login page banner.


Operation Cargotalon: Targeting Russian Aerospace Defense Using Eaglet Implant