The Defense Sector Has Become an El Dorado for Attackers

A bagful of tricks

• Hackers are approaching victims via social engineering methods, impersonating and carrying out watering hole attacks on target websites. In watering hole attacks, threat actors are deploying a malicious link onto a compromised domain, delivering info-stealer malware via social media platforms.
• The oldest trick in the cybercriminals’ book is sending spearphishing emails. Attackers send fraudulent messages with malicious Microsoft Office documents enclosing embedded macros to deploy their main payload.
• Attackers are employing backdoors capable of maintaining persistence on infected systems, listing and exfiltrating critical files, scouring drives, eliminating system processes, deleting content, and executing arbitrary code.

Some recent attacks on the defense sector

• Reportedly, an Iranian APT group named Charming Kitten was found impersonating journalists on WhatsApp and LinkedIn to launch sophisticated phishing attacks against the government, diplomacy, defense, and military sectors.
• Focused on surveillance and spying, the Transparent Tribe APT group revealed a new tool designed to infect USB devices in espionage campaigns against government and military personnel in India and Afghanistan.
• According to the CISA, BLINDINGCAN malware was deployed in attacks against U.S. and foreign companies functioning in the aerospace, military, and defense sectors. The agency attributed the attacks to cyberespionage campaigns tracked as Operation Dream Job and Operation North Star launched by the North Korean APT group, Lazarus.
• Known to attack diplomatic and infrastructure companies, CactusPete APT has started a campaign, targeting military and financial organizations across Eastern Europe with a new Bisonal backdoor variant.

Wrapping up