‘Ancient’ MSFT Word Bug Anchors Taiwanese Drone-Maker Attacks

September 11, 2024 at 09:41AM

Researchers from the Acronis Threat Research Unit discovered an attack dubbed “WordDrone,” targeting Taiwanese drone makers. The attack involves weaponizing an old version of Microsoft Word to install a persistent backdoor, ClientEndPoint. There are similarities to a previous “TIDrone” campaign, with the attackers possibly exploiting a side-loading flaw in the Word application. The motive for targeting Taiwanese drone makers may be related to their growth and technological expertise, making them a prime target for adversaries interested in military espionage or supply chain attacks. Small businesses in the sector should be vigilant and strengthen their defenses against such advanced threats.

A recent wave of attacks on Taiwanese drone makers uses an ancient version of Microsoft Word to deliver malware aimed at cyber espionage and at disrupting military- and satellite-related industrial supply chains. The attack, called “WordDrone,” uses a side-loading technique to install a persistent backdoor called ClientEndPoint on infected systems. It was detected by the Acronis Threat Research Unit and exhibits similarities to a previous attack campaign known as “TIDrone.”

The attackers have been targeting Taiwanese drone makers due to the country’s significant investment in the drone manufacturing industry and its technological prowess, making it a prime target for adversaries interested in military espionage or supply chain attacks. The Acronis team has shared their intelligence with Taiwan’s cybersecurity authorities and has included a list of indicators of compromise (IoCs) in their report.

Defenders, especially small businesses in the sector, should be vigilant and address any suspicious activity, particularly activity related to older versions of Microsoft Word present in their environment. Traditional antivirus solutions are no longer effective against the type of advanced threats being observed.
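One way to look for older Word binaries in an environment, as an added example that is not taken from the Acronis report: the script triages a file inventory export and flags every copy of `winword.exe` that sits outside the managed Office install path, reports an old major version, or has unsigned DLLs next to it. The inventory layout, the expected install roots, the minimum version and all sample rows are assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: directories where a managed Office install is expected to live.
EXPECTED_ROOTS = (
    PureWindowsPath(r"C:\Program Files\Microsoft Office"),
    PureWindowsPath(r"C:\Program Files (x86)\Microsoft Office"),
)
# Assumption: oldest Word major version still deployed (Word 2016 and later report 16).
MIN_MAJOR = 16

# Constructed inventory rows: (host, file path, file version, Authenticode-signed?)
INVENTORY = [
    ("ws-01", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "16.0.0.0", True),
    ("ws-01", r"C:\Program Files\Microsoft Office\root\Office16\sample_a.dll", "16.0.0.0", True),
    ("ws-02", r"C:\ProgramData\Updater\winword.exe", "14.0.0.0", True),
    ("ws-02", r"C:\ProgramData\Updater\sample_b.dll", "", False),
    ("ws-03", r"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE", "14.0.0.0", True),
]

def triage(inventory):
    """Return {(host, path): [reasons]} for Word binaries that need a closer look."""
    unsigned_dlls = defaultdict(list)  # (host, directory) -> names of unsigned DLLs
    for host, path, _version, signed in inventory:
        p = PureWindowsPath(path)  # Windows path rules: case-insensitive comparison
        if p.suffix.lower() == ".dll" and not signed:
            unsigned_dlls[(host, p.parent)].append(p.name)

    findings = {}
    for host, path, version, _signed in inventory:
        p = PureWindowsPath(path)
        if p.name.lower() != "winword.exe":
            continue
        reasons = []
        if not any(root in p.parents for root in EXPECTED_ROOTS):
            reasons.append("outside expected install path")
        major = int(version.split(".")[0]) if version[:1].isdigit() else 0
        if major < MIN_MAJOR:
            reasons.append(f"old version {version or 'unknown'}")
        for dll in unsigned_dlls.get((host, p.parent), []):
            reasons.append(f"unsigned DLL in same directory: {dll}")
        if reasons:
            findings[(host, path)] = reasons
    return findings

if __name__ == "__main__":
    for (host, path), reasons in triage(INVENTORY).items():
        print(f"{host}  {path}\n    " + "\n    ".join(reasons))
```

A signed, legitimate Word binary is exactly what a side-loading setup relies on, so the location and neighbouring-DLL checks matter more than the signature of `winword.exe` itself.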
