Skip to content
  • Blog Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form

Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor

Posted on July 25, 2025July 25, 2025 By CWS

Jul 25, 2025Ravie LakshmananCyber Espionage / Malware
Russian aerospace and protection industries have develop into the goal of a cyber espionage marketing campaign that delivers a backdoor known as EAGLET to facilitate knowledge exfiltration.
The exercise, dubbed Operation CargoTalon, has been assigned to a risk cluster tracked as UNG0901 (quick for Unknown Group 901).
“The marketing campaign is aimed toward focusing on staff of Voronezh Plane Manufacturing Affiliation (VASO), one of many main plane manufacturing entities in Russia by way of utilizing товарно-транспортная накладная (TTN) paperwork — vital to Russian logistics operations,” Seqrite Labs researcher Subhajeet Singha mentioned in an evaluation revealed this week.
The assault commences with a spear-phishing e-mail bearing cargo delivery-themed lures that comprise a ZIP archive, inside which is a Home windows shortcut (LNK) file that makes use of PowerShell to show a decoy Microsoft Excel doc, whereas additionally deploying the EAGLET DLL implant on the host.

The decoy doc, per Seqrite, references Obltransterminal, a Russian railway container terminal operator that was sanctioned by the U.S. Division of the Treasury’s Workplace of International Property Management (OFAC) in February 2024.
EAGLET is designed to collect system info and set up a connection to a hard-coded distant server (“185.225.17[.]104”) so as to course of the HTTP response from the server and extract the instructions to be executed on the compromised Home windows machine.
The implant helps shell entry and the flexibility to add/obtain recordsdata, though the precise nature of the next-stage payloads delivered via this methodology is unknown, provided that the command-and-control (C2) server is at the moment offline.
Seqrite mentioned it additionally uncovered comparable campaigns focusing on the Russian navy sector with EAGLET, to not point out supply code and focusing on overlaps with one other risk cluster tracked as Head Mare that is recognized to focus on Russian entities.
This contains the purposeful parallels between EAGLET and PhantomDL, a Go-based backdoor with a shell and file obtain/add function, in addition to the similarities within the naming scheme used for the phishing message attachments.

The disclosure comes because the Russian state-sponsored hacking group known as UAC-0184 (aka Hive0156) has been attributed to a recent assault wave focusing on victims in Ukraine with Remcos RAT as just lately as this month.
Whereas the risk actor has a historical past of delivering Remcos RAT since early 2024, newly noticed assault chains distributing the malware have been simplified, using weaponized LNK or PowerShell recordsdata to retrieve the decoy file and the Hijack Loader (aka IDAT Loader) payload, which then launches Remcos RAT.
“Hive0156 delivers weaponized Microsoft LNK and PowerShell recordsdata, resulting in the obtain and execution of Remcos RAT,” IBM X-Drive mentioned, including it “noticed key decoy paperwork that includes themes that recommend a give attention to the Ukrainian navy and evolving to a possible wider viewers.”

The Hacker News Tags:Aerospace, Backdoor, Campaign, Cyber, EAGLET, Espionage, Hits, Russian, Sector

Post navigation

Previous Post: Strengthening Security Measures In Digital Advertising Platforms
Next Post: Critical VMware Tools VGAuth Vulnerabilities Enable Full System Access for Attackers

Related Posts

Scattered Spider Behind Cyberattacks on M&S and Co-op, Causing Up to $592M in Damages The Hacker News
New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code The Hacker News
Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group The Hacker News
Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms The Hacker News
Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks The Hacker News
Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • 15 Best Docker Monitoring Tools in 2025
  • 20 Best SNMP Monitoring Tools in 2025
  • Hackers Compromised Official Gaming Mouse Software to Deliver Windows-based Xred Malware
  • Infamous BreachForums Is Back Online With All Accounts and Posts Restored
  • Microsoft Probes Leak in Early Alert System as Chinese Hackers Exploit SharePoint Vulnerabilities

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • 15 Best Docker Monitoring Tools in 2025
  • 20 Best SNMP Monitoring Tools in 2025
  • Hackers Compromised Official Gaming Mouse Software to Deliver Windows-based Xred Malware
  • Infamous BreachForums Is Back Online With All Accounts and Posts Restored
  • Microsoft Probes Leak in Early Alert System as Chinese Hackers Exploit SharePoint Vulnerabilities

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News