A sophisticated cyberespionage campaign has recently targeted aerospace and defense sectors. Dubbed Operation In(ter)ception, the campaign involves a highly stealth and sophisticated malware. Whereas, the attackers exploited the LinkedIn platform to prey on the victims.
Operation In(ter)ception Aimed At High-Profile Victims
Researchers from ESET have uncovered Operation In(ter)ception – a malware campaign aimed at high-profile targets. The researchers have shared a detailed white paper elaborating on their findings.
In brief, the malware campaign targeted the victims with malware Inception.dll that possessed stealth properties. The attackers used this malware for cyberespionage on aerospace and defense sectors by alluring the personnel with job offers.
Briefly, the threat actors impersonated HR managers on LinkedIn belonging to fake aerospace and defense companies. These fake profiles sent messages to the employees of the target firms offering jobs.
In the beginning, the conversation looked normal, but gradually, the attackers used to trick the victims via email communication. They would then send malicious files to the victims that looked like job-related documents.
As stated by the researchers,
To send the malicious files, the attackers either used LinkedIn directly or a combination of email and OneDrive. For the latter option, the attackers used fake email accounts corresponding with their fake LinkedIn personas, and included OneDrive links hosting the files.
Once the victim would open the file(s), the malware would execute in the background. It would then steal information from the target devices.
Nonetheless, in one of the cases, the researchers also observed the attackers to have attempted to monetize their attack. Through a BEC (Business Email Compromise), they took over an employee account and sent fake emails to the customer asking payments for an overdue invoice.
Possible Link With Lazarus Group
Revealing the details in a blog post, the researchers stated that the campaign caught their attention in late 2019. They noticed the attacks targeting military and aerospace firms in Europe and the Middle East during September and December 2019.
Though, since the malware was new, they couldn’t trace back the attackers behind the campaign. Nonetheless, considering the similarities in the way the campaign executed, the researchers suspect the Lazarus Group behind it.
Let us know your thoughts in the comments.