Operation CargoTalon: Targeting Russian Aerospace Defense Using EAGLET Implant

July 24, 2025, 9:04 a.m.

Description

UNG0901, a threat group targeting Russian aerospace and defense sectors, has been discovered conducting a spear-phishing campaign against the Voronezh Aircraft Production Association. The operation, dubbed 'CargoTalon', utilizes a custom DLL implant called EAGLET, which is disguised as a ZIP file containing transport documents. The infection chain involves a malicious LNK file that executes the EAGLET implant, which then establishes communication with a command-and-control server for remote access and data exfiltration. The campaign employs sophisticated tactics, including decoy documents related to Russian logistics operations, and shows similarities with another threat group known as Head Mare. The attackers' motivation appears to be espionage against Russian governmental and non-governmental entities.

Date

  • Created: July 24, 2025, 5:49 a.m.
  • Published: July 24, 2025, 5:49 a.m.
  • Modified: July 24, 2025, 9:04 a.m.

Indicators


Attack Patterns

  • EAGLET
  • UNG0901

Additional Information

  • Aerospace
  • Defense
  • Russian Federation