June 7, 2024 at 12:14PM
A threat actor known as “Sticky Werewolf” is targeting organizations in Russia’s aviation industry, with a focus on espionage related to the Russia-Ukraine conflict. The group has evolved its infection methods to include complex phishing emails and multi-stage malware, aiming to gain access to sensitive information and facilitate data exfiltration.
Key takeaways from the meeting notes:
– The advanced persistent threat (APT) known as “Sticky Werewolf” has been targeting organizations involved with Russia’s aviation industry, with a particular interest in espionage related to the conflict between Russia and Ukraine.
– Sticky Werewolf has upgraded its infection methods, using more complex phishing emails and a long chain of files and scripts to deploy common remote access malware as its final payload.
– The phishing emails now purport to come from a Moscow-based aircraft and spacecraft company, and they include an archive file containing a PDF document, LNK files masquerading as a distribution list and meeting agenda, and an executable variant of the CypherIT cryptor.
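A triage check for the attachment layout described above, as an added example that is not taken from the original report. It assumes the archive is a ZIP (the page does not name the format), and the entry names and stub bytes in the sample are constructed.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Shell Link (.lnk) header: HeaderSize 0x4C followed by the fixed LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt"}

def sniff(head):
    """Classify an entry by its leading bytes, not by its file name."""
    if head.startswith(LNK_MAGIC):
        return "lnk"
    if head.startswith(b"MZ"):
        return "pe"
    if head.startswith(b"%PDF-"):
        return "pdf"
    return "other"

def triage_archive(blob):
    """Return (name, kind, disguised) for every shortcut or executable entry.

    disguised is True when the name also carries a document extension.
    Windows hides the .lnk suffix, so "x.docx.lnk" is displayed as "x.docx".
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                kind = sniff(fh.read(len(LNK_MAGIC)))
            if kind in ("lnk", "pe"):
                suffixes = PurePosixPath(info.filename.lower()).suffixes
                disguised = any(s in DOC_EXTS for s in suffixes)
                findings.append((info.filename, kind, disguised))
    return findings

def build_sample():
    """Constructed archive: inert stubs that carry only the magic headers."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invitation.pdf", b"%PDF-1.7\n")
        zf.writestr("agenda.docx.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("distribution_list.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("viewer.exe", b"MZ" + b"\x00" * 62)
    return buf.getvalue()

if __name__ == "__main__":
    for finding in triage_archive(build_sample()):
        print(finding)
```

A mail gateway or analyst script can quarantine any attachment for which this returns a non-empty list, since a legitimate document bundle has no reason to ship shortcuts or executables.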
The group’s activities suggest support for Ukrainian interests, with the ultimate goal of espionage and data exfiltration, possibly targeting commercial pilots, intellectual property, and strategic information.
In summary, the meeting notes reveal the evolving tactics of the Sticky Werewolf APT in targeting organizations in the aviation industry, potentially in support of Ukrainian interests for espionage and data exfiltration.