Low-Tech Attacks Known as “Operation Layover” Infects Computers with Malware
Note: We may earn a commission from products or services when you click on a link and make a purchase.
A hacker based in Nigeria is believed to be responsible for attacks on the aviation industry with malware. The hacker uses phishing emails to infect computers with malware and spies on victims or steals credentials.
Organizations infected with AsyncRAT and njRAT malware can lose money and data. The malware can be used over long periods of time and go undetected.
The hacker is believed to be not especially talented technically. They are using off-the-shelf malware disguised with different crypters. The malware is not customized for this attack.
“Cisco Talos linked the recent aviation targeting campaigns to an actor who has been targeting the aviation industry for two years,” says cyber security researchers at Cisco Talos.
The researchers also noted that although the aviation industry has been targeted for two years. This hacker has been active for about five years.
Phishing emails contain subjects such as “Trip Itinerary Details” and “Bombardier.”
If a target is tricked by the phishing email and clicks on a link, they are redirected to a malicious website. Seventy-three percent of the IPs used in the attacks were based in Nigeria.
To defend against attacks like this, use an antivirus app that prevents access to malicious websites and detects malware used in these attacks.