Cisco warns of a hacking campaign targeting the aviation industry

Dubai, United Arab Emirates – 25 October 2021 – Cisco detected a targeted phishing campaign that has been aimed at the aviation industry for two years and was potentially organized by cyber threat actor(s) operating out of Nigeria.

The actor(s) have been targeting the aviation industry for the last two years, while managing other campaigns at the same time. Researchers found that they do not seem to be technically sophisticated, as they have used off-the-shelf malware since the beginning of their activities without developing their own.

The operators also bought crypters that enable the usage of such malware without being detected. Throughout the years they have used several different crypters, mostly bought on online forums. They are believed to have been active since 2013.

The cyber attacks involve emails containing specific lure documents centered around the aviation or cargo industry that purport to be PDF files but link to a VBScript file, which ultimately leads to the delivery of remote access trojans (RATs), leaving organizations vulnerable to an array of security risks.

Actors that perform smaller incidents can keep doing them for a long period of time under the radar. However, their activities can lead to major incidents at large organizations. These are the operators that feed the underground market of credentials and cookies, which can then be used by larger groups on activities.

Commenting on the targeted attacks, Fady Younes, Cybersecurity Director at Cisco Middle East and Africa said: “Many operators can have limited technical knowledge but still be able to operate RATs or information-stealers – posing a significant risk to large corporations given the right conditions. In this case, what appeared to be a simple campaign was, in fact, a continuous operation that has been active for years – targeting a whole industry with commodity malware hidden with different crypters.”

“Even though cybersecurity is not a threat specific to aviation, in the last few years the sector has been at the forefront of several cyber attacks. It is crucial to be careful with weak links that could lead to flawed conclusions. The weak links shouldn’t be discarded — it would be wise to view them as one more piece of information that, together with other links, can yield to a much stronger relationship between two pieces of information,” Younes added.


About Cisco 

Cisco (NASDAQ: CSCO) is the worldwide leader in technology that powers the Internet. Cisco inspires new possibilities by reimagining your applications, securing your data, transforming your infrastructure, and empowering your teams for a global and inclusive future. Discover more on The Network and follow us on Twitter.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco’s trademarks can be found at Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.

Media Contact:

Tamara Azab, Head of Communications – MEA, Cisco, +971 55 706 5472

Aaron Budwal, Senior Account Executive, Hill+Knowlton Strategies, +971 55 143 2795