Microsoft Warns of Attacks on Aerospace, Travel Sectors


The attacks start with spear-phishing messages that use lures relevant to the targeted organizations, such as aviation, travel, and cargo, and deliver an image that poses as a PDF file and contains an embedded link.

The attackers abuse legitimate web services and leverage a newly identified loader dubbed Snip3 to deliver remote access trojans (RATs).

Last week, security researchers with endpoint security solutions provider Morphisec revealed that, once the victim clicks on the link, a VBScript is fetched, which in turn drops a second-stage PowerShell script in charge of evading detection and dropping the final payload.