Operation CargoTalon: UNG0901 Targets Russian Aerospace & Defense Sector Using EAGLET Implant

Introduction

SEQRITE Labs APT-Team has recently found a campaign targeting the Russian aerospace industry. The campaign targets employees of Voronezh Aircraft Production Association (VASO), a significant aircraft production entity in Russia, using товарно-транспортная накладная (TTN, consignment note) documents, which are critical to Russian logistics operations. The entire malware ecosystem involved in this campaign is built around a malicious LNK file and the EAGLET DLL implant, which go on to execute malicious commands and exfiltrate data.

In this blog, we will explore the campaign’s technical details, examining the various stages from a deep dive into the initial infection chain to the implant used, concluding with a final overview covering the campaign.

To read the complete article, see: Operation CargoTalon

This post is licensed under CC BY 4.0 by the author.