A new ransomware campaign utilizing the previously undocumented Charon malware targets the Middle Eastβs public sector and aviation industry. The campaign employs sophisticated techniques similar to APT groups, raising concerns about the evolving tactics of cybercriminals and nation-state actors. #CharonRansomware #EarthBaxia
Keypoints
- The Charon ransomware campaign targets the Middle Eastβs public sector and aviation industry using advanced tactics.
- Threat actors use DLL side-loading and process injection, mimicking techniques of APT groups like Earth Baxia.
- Charon employs disruptive actions such as deleting backups and shadow copies to hinder recovery efforts.
- The ransomware uses a driver to disable endpoint detection solutions, with some features possibly still under development.
- Experts suggest the campaign could be linked to Earth Baxia, a false flag, or a new threat actor exhibiting similar tactics.
Read More: https://thehackernews.com/2025/08/charon-ransomware-hits-middle-east.html