Threat Actor Targets Russia’s Aviation Sector

July 6, 2024

INCIDENT

A threat actor known as "Sticky Werewolf" is using layered infection chains to compromise organizations involved with Russia's aviation industry. The group has been around since at least April 2023, and seems to be interested in espionage relating to the conflict between Russia and Ukraine.

The group previously targeted public organizations in Russia and Belarus, but recent targets have included a pharmaceutical company and a Russian research institute involved in microbiology and vaccine development. In prior campaigns, Sticky Werewolf phishing emails included links to download malicious files. Now, its infection chains are notably more complex. The final payload is some kind of commercial remote access Trojan (RAT).

Incident Date

June 7, 2024

Estimated Cost


No cost values disclosed.

Type of Malware

Threat Source