Operation HollowQuill: Russian R&D Networks Targeted via Decoy PDFs
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
Operation HollowQuill targets Russian research and defense networks, notably the Baltic State Technical University, using weaponized decoy documents disguised as research invitations. The attack chain starts with a malicious RAR archive containing a .NET dropper, which writes out a Golang-based shellcode loader together with a legitimate OneDrive application; the final payload is a Cobalt Strike beacon. Targets include academic institutions, military and defense industries, aerospace and missile technology, and government-oriented research entities within the Russian Federation. The threat actor uses anti-analysis checks, APC injection to execute the shellcode, and rotates its infrastructure across multiple ASNs.
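The chain above is hard to catch on file hashes alone because one of the dropped components is a genuine OneDrive binary. What a defender can key on is the process lineage: a dropper running from a download or archive-extraction directory that launches a OneDrive-named executable from outside OneDrive's normal install paths, next to a second executable in the same staging directory. The following is an added example of that check, not code from the report or from this OpenCTI record. It assumes Sysmon Event ID 1 style fields (Image, ParentImage, ProcessId, ParentProcessId) serialised as JSON lines, and the staging and install-path patterns defined in the script; the log lines are constructed, not real telemetry, and the file names in them are placeholders.

```python
"""Toy detection for a HollowQuill-style staging chain: a dropper running
from a download or archive-extraction directory that launches OneDrive.exe
from outside OneDrive's normal install paths, alongside another executable
from the same staging directory.

Added example, not part of the OpenCTI record or the underlying report.
Assumptions: Sysmon Event ID 1 style fields serialised as JSON lines, and
the path patterns below. The sample log is constructed, not real telemetry.
"""
import json
import ntpath
import re
from collections import defaultdict

# Assumed user-writable staging locations (archive extraction, downloads).
STAGING_DIR_RE = re.compile(r"\\(?:Temp|Downloads)\\", re.IGNORECASE)

# Assumed locations of a genuinely installed OneDrive client.
ONEDRIVE_EXPECTED_RE = re.compile(
    r"^[a-z]:\\(?:users\\[^\\]+\\appdata\\local\\microsoft\\onedrive"
    r"|program files(?: \(x86\))?\\microsoft onedrive)\\",
    re.IGNORECASE,
)

# Constructed sample events (JSON lines). PID 800 is explorer.exe, which
# starts both the genuine OneDrive client and the staged dropper.
SAMPLE_LOG = r"""
{"ProcessId": 1200, "ParentProcessId": 800, "Image": "C:\\Users\\ivan\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"ProcessId": 4100, "ParentProcessId": 800, "Image": "C:\\Users\\ivan\\Downloads\\dropper.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"ProcessId": 4120, "ParentProcessId": 4100, "Image": "C:\\Users\\ivan\\AppData\\Local\\Temp\\stage\\OneDrive.exe", "ParentImage": "C:\\Users\\ivan\\Downloads\\dropper.exe"}
{"ProcessId": 4121, "ParentProcessId": 4100, "Image": "C:\\Users\\ivan\\AppData\\Local\\Temp\\stage\\loader.exe", "ParentImage": "C:\\Users\\ivan\\Downloads\\dropper.exe"}
"""


def parse_jsonl(text):
    """Parse one JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_staged_onedrive_chains(events):
    """Return one finding per parent process that matches the chain.

    A finding records the staged parent, the out-of-place OneDrive.exe it
    launched, and any other children started from that same directory.
    """
    children = defaultdict(list)
    for ev in events:
        children[ev["ParentProcessId"]].append(ev)

    findings = []
    for kids in children.values():
        parent_image = kids[0]["ParentImage"]
        # The parent itself must run from a staging directory.
        if not STAGING_DIR_RE.search(parent_image):
            continue
        for child in kids:
            image = child["Image"]
            # Only OneDrive-named children outside the expected install paths.
            if ntpath.basename(image).lower() != "onedrive.exe":
                continue
            if ONEDRIVE_EXPECTED_RE.match(image):
                continue
            staged_dir = ntpath.dirname(image).lower()
            siblings = sorted(
                k["Image"] for k in kids
                if k is not child and ntpath.dirname(k["Image"]).lower() == staged_dir
            )
            findings.append({
                "parent_image": parent_image,
                "onedrive_image": image,
                "staged_siblings": siblings,
            })
    return findings


if __name__ == "__main__":
    for finding in find_staged_onedrive_chains(parse_jsonl(SAMPLE_LOG)):
        print(json.dumps(finding, indent=2))
```

The genuine client started by explorer.exe from its install path is not flagged, while the copy launched by the staged dropper is, with the sibling executable listed so an analyst can pull it for triage. The path patterns are the weak point of this check: adjust STAGING_DIR_RE and ONEDRIVE_EXPECTED_RE to the environment before relying on it, and treat a match as a lead for process-tree and memory inspection rather than as a verdict.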
OPENCTI LABELS :
cobalt strike,defense industry,shellcode loader,russian r&d,decoy pdfs,academic institutions,baltic state technical university,operation hollowquill