When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
Cybersecurity researchers from BlackBerry have uncovered a new cyber-espionage campaign targeting US organizations in the aerospace industry.
The researchers claim the group is most likely brand new, so they named it AeroBlade.
(Image credit: Shutterstock)
This file, if opened, downloads a DOTM file from a remote location.
If youre unfamiliar with the DOTM extension, its a document template forMicrosoftWord.
This file can then execute a macro which creates a reverse shell on the target endpoint.
This shell will connect with the C2 server and await further instructions.
The second stage, which took place in July this year, resulted in data theft.
Aeroblades origin, or endgame, remain a mystery.
ViaBleepingComputer
