BlackBerry’s threat research crew stumbled upon something pretty wild: a previously unseen cyber-espionage campaign targeting US aerospace firms. They’re calling the group AeroBlade, a name that adds a bit of mystery to the whole affair. So, what’s the deal? The operators are clearly after data, but their endgame is still unknown. Since nobody had tracked this crew before, it was like they just rolled onto the scene, so the BlackBerry researchers thought, “Hey, let’s call them AeroBlade.”
Now, let’s break down the action. The whole shebang goes down in two acts. Act one is a sneak peek, a reconnaissance mission if you will, to test the waters. Act two is where the real action happens: the crew comes back and goes in for the data theft, armed with some nasty malware.
The party starts with a spear-phishing email carrying a booby-trapped DOCX attachment. Pop that file open and it doesn’t carry the payload itself; instead it quietly fetches a second file, this one with a DOTM extension, from a remote server. For those not fluent in Microsoft Word lingo, a DOTM is a macro-enabled Word template, and Word will happily pull an “attached template” from a URL when a document asks for one. That template is where the trouble lives: its macro spins up a reverse shell on the victim’s machine, and the shell links up with a command-and-control (C2) server and waits for its next set of orders.
Now, here’s where the victim gets roped in: the macro doesn’t run on its own, so they gotta manually click “Enable Content” on Word’s security warning once the DOCX is open. Sneaky, right? Once that click happens, the redacted.dotm template drops a new document and opens it, so the poor victim sees something that looks all legit while the reverse shell gets to work in the background. Act one, spotted back in September of last year, was all about mapping out the directories on the target’s turf. Act two, which went down in July this year, was the grand finale: the data theft itself.
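If you want to catch that first hop before Word ever makes the request, here’s a check you can run at the mail gateway. This is an added example, not anything from BlackBerry’s report: a DOCX is just a ZIP of XML parts, and a remote template shows up as an attachedTemplate relationship in word/_rels/settings.xml.rels whose Target is an external http(s) URL. The script builds a small constructed DOCX in memory (the hostname and file names are placeholders, not indicators from the campaign), flags that relationship, and separately notes whether the package carries its own VBA project.

```python
"""Spot the remote-template hop in a DOCX before Word fetches it.

Added example, not BlackBerry's tooling. The sample document is constructed
in memory; the hostname and file names below are placeholders.
"""
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/"
    "relationships/attachedTemplate"
)
SETTINGS_RELS = "word/_rels/settings.xml.rels"
VBA_PART = "word/vbaProject.bin"
REMOTE_SCHEMES = {"http", "https", "ftp"}


def remote_templates(docx_bytes):
    """Return the external attachedTemplate URLs this document will fetch.

    A local template (a drive path or file:// URL) is normal and not flagged;
    only network schemes are, since those are what Word downloads on open.
    """
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        if SETTINGS_RELS not in z.namelist():
            return []
        root = ET.fromstring(z.read(SETTINGS_RELS))
    found = []
    for rel in root.iter(f"{{{REL_NS}}}Relationship"):
        if rel.get("Type") != ATTACHED_TEMPLATE:
            continue
        target = rel.get("Target", "")
        scheme = urlparse(target).scheme.lower()
        if rel.get("TargetMode") == "External" and scheme in REMOTE_SCHEMES:
            found.append(target)
    return found


def has_vba_project(docx_bytes):
    """True if the package itself carries a VBA project (macro-enabled)."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        return VBA_PART in z.namelist()


def triage(docx_bytes):
    """One-word verdict suitable for a gateway rule or triage script."""
    if remote_templates(docx_bytes):
        return "remote-template"
    if has_vba_project(docx_bytes):
        return "macro-enabled"
    return "clean"


def build_docx(template_target=None, external=True, with_vba=False):
    """Assemble a minimal constructed DOCX for exercising the checks.

    external=True emits TargetMode="External", which Word uses for any
    template outside the package, whether it is a local path or a URL.
    """
    w_ns = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
    r_ns = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
    parts = {
        "[Content_Types].xml": (
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            '<Default Extension="xml" ContentType="application/xml"/></Types>'
        ),
        "word/document.xml": f'<w:document xmlns:w="{w_ns}"><w:body><w:p/></w:body></w:document>',
        "word/settings.xml": (
            f'<w:settings xmlns:w="{w_ns}" xmlns:r="{r_ns}">'
            + ('<w:attachedTemplate r:id="rId1"/>' if template_target else "")
            + "</w:settings>"
        ),
    }
    if template_target:
        mode = ' TargetMode="External"' if external else ""
        parts[SETTINGS_RELS] = (
            f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId1" '
            f'Type="{ATTACHED_TEMPLATE}" Target="{template_target}"{mode}/></Relationships>'
        )
    if with_vba:
        parts[VBA_PART] = "placeholder bytes, not a real OLE container"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    lure = build_docx("http://updates.example.invalid/stage1.dotm")
    print(triage(lure), remote_templates(lure))
    print(triage(build_docx(r"C:\Users\user\Templates\Normal.dotm")))
    print(triage(build_docx()))
```

Point remote_templates at a real attachment (read the file into bytes) and it tells you where the document would reach out before Word is ever involved; a hit is worth quarantining outright, since a legitimate corporate template is almost always a local or UNC path rather than an internet URL.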