Summary: A new cyber-espionage campaign has been identified, targeting key sectors like aviation and satellite communications in the UAE, attributed to a group known as UNK_CraftyCamel. The attack utilized advanced techniques, including the deployment of a sophisticated backdoor named Sosano via malicious email attachments. Researchers emphasized the attackers’ intent to collect intelligence through stealthy infection methods.
Affected: Aviation, satellite communications, and transportation infrastructure organizations in the UAE
Keypoints:
- The attack used a complex infection chain involving polyglot files to bypass security measures.
- The Sosano backdoor, written in Golang, operates silently and connects to a command-and-control server to execute commands.
- Detection strategies include monitoring suspicious file executions and training users to recognize malicious content.
Source: https://www.infosecurity-magazine.com/news/espionage-campaign-targets-uae/