216.73.216.86

Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks

· Published 07/06/2024 08:00 · Modified 07/06/2024 08:08

Export JSON

Essential information

Published
07/06/2024 08:00
Modified
07/06/2024 08:08
Tags
2024-06-07 aviation darktrack lnks metastealer netwire ozone rat phishing rats rhadamanthys stealer webdav
Related entities
14 observables, 1 intrusion sets (apt), 8 techniques (mitre), 5 malware, 1 others

Description

Morphisec Labs has been monitoring increased activity associated with Sticky Werewolf, a suspected geopolitical or hacktivist group. While their origin remains unclear, recent techniques suggest espionage and data exfiltration intent. Sticky Werewolf has targeted the industry, employing emails with archive attachments containing LNK files pointing to malicious payloads on servers. The infection chain involves executing these LNK files, triggering a process that ultimately injects commodity malware like or stealers to facilitate data theft.

External references