At the beginning of May 2020, Telsy analyzed some social-engineering attacks carried out through the popular professional social network LinkedIn against individuals operating in the aerospace and avionics sector.
Based on our visibility, the targeted organizations currently operate within Italian territory, and the targeted individuals are high-profile professionals in the aerospace research sector.
The adversary used a realistic-looking LinkedIn virtual identity impersonating an HR (Human Resources) recruiter of a satellite imagery company. With this identity, it contacted the targets via LinkedIn's internal private messages, inviting them to download an attachment containing information about a fake job vacancy.
Based on code similarities among the analyzed pieces of malware, Telsy asserts, with a medium degree of confidence, that the reported event is linked to the threat actor known in the community as MuddyWater (aka Static Kitten, aka Mercury).
For questions, concerns or more information regarding the reported event, it’s possible to refer to the email address firstname.lastname@example.org
Download the full PDF report by clicking on the icon below:
In addition, it’s possible to refer to our GitHub repository for the Indicators of Compromise in text format.