216.73.216.75

Operation Silent Rotor: Rust-Based Malware Targets Eurasian Unmanned Aviation Sector Ahead of Moscow Summit

· Published 06/05/2026 15:01 · Modified 07/05/2026 08:42

Export JSON

Essential information

Published
06/05/2026 15:01
Modified
07/05/2026 08:42
Tags
2026-05-06 aviation sector c2 exfiltration moscow summit multi-stage payload operation silent rotor rust malware spear-phishing unmanned aerial systems
Related entities
9 observables, 15 techniques (mitre), 5 others

Description

A sophisticated spear phishing campaign targets professionals in the Eurasian unmanned , timed to coincide with the XIII Eurasian International Forum 'Unmanned Aviation 2026' in Moscow. The attack delivers malicious archives containing Rust-based executables disguised as legitimate documents from the Russian Aeronautical Information Center. The malware displays aviation-themed decoy documents in Russian while collecting system information including hostnames, volume serial numbers, network adapter details, and environment variables. Collected data is encrypted via XOR and exfiltrated to a C2 server over HTTPS. The malware subsequently downloads and executes a second-stage payload using AES-256 decryption. The campaign demonstrates targeted social engineering with realistic aviation order documents, translation certificates, and product summaries to compromise victims in Russia, Tajikistan, Central Asia, Middle East and Europe.

External references