An unknown threat actor has breached an as-yet-unnamed US aerospace company. According to BlackBerry, who first highlighted the attack, the threat actor’s weaponized phishing attack became operational around September 2022, with the offensive phase of the attack occurring almost a year later, in July of this year.
The cybercriminals responsible, whom BlackBerry has christened “AeroBlade,” are believed to have used the intervening nine months to develop the additional tooling needed to secure access to the aerospace company’s systems and exfiltrate potentially highly valuable information, pointing to a high degree of professionalism and persistence on the part of the attacker.
“Weaponisation became operational around September 2022. BlackBerry assesses with medium to high confidence that the offensive phase of the attack occurred in July 2023. The attacker improved its toolset during that time, making it stealthier, while the network infrastructure remained the same,” says BlackBerry.
Both the identity of the threat actors and their motivation appear to be unknown as yet. BlackBerry, however, believes the threat actors’ motives to have been primarily financial.
“Given the relatively sophisticated technical capabilities this threat actor deployed and the victim’s timelines, we conclude with a high degree of confidence that this was a commercial cyberespionage campaign. Its purpose was most likely to gain visibility over the internal resources of its target to weigh its susceptibility to a future ransom demand,” says BlackBerry.
Concerns regarding national security
However, even if the initial aim of the breach was to lay the groundwork for a future ransomware demand, this does not preclude other possibilities. For example, there is nothing to stop the threat actor from also selling stolen data and intellectual property to a potentially hostile foreign power while simultaneously conducting a ransomware attack on the aerospace company. That a US aerospace company could be hacked so easily via a relatively straightforward, although extremely well-executed, phishing attack raises inevitable concerns regarding national security.
According to BlackBerry, bypassing the aerospace company’s cyber-defenses required nothing more than emailing an unsuspecting employee a Word document attachment. When the employee opened the weaponized document, its text appeared scrambled; instructions falsely presented as coming from Microsoft then directed the staff member to act on the lure, enabling the threat actor to launch the attack and remain undetected on the aerospace company’s systems.
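A weaponized Word attachment of the kind described above is a zip package of XML parts, and two of the places a payload commonly lives in such a package are an embedded VBA project (word/vbaProject.bin) and a relationship that points outside the document (TargetMode="External"). The following added example, which is not BlackBerry's code and not the AeroBlade lure itself, shows the lightweight check a mail gateway or triage script could apply before an employee ever sees the document: it builds a constructed clean sample and a constructed suspicious sample in memory and reports why the suspicious one should be held. All file names, URLs and sample contents are assumptions made for the example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# OOXML namespaces used by relationship parts (*.rels) inside a .docx package
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
REL_TYPE_PREFIX = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"

# External relationship types that are normal in ordinary documents and are not flagged
BENIGN_EXTERNAL_TYPES = {"hyperlink"}


def scan_docx(data: bytes) -> dict:
    """Inspect a .docx (a zip of XML parts) for signs that it carries an active payload."""
    findings = {"macros": False, "external_rels": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # A macro-enabled document stores its VBA project as a binary part
        findings["macros"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        # Relationship parts may point outside the package (TargetMode="External")
        for name in names:
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("TargetMode") == "External":
                    rtype = rel.get("Type", "").replace(REL_TYPE_PREFIX, "")
                    findings["external_rels"].append((name, rtype, rel.get("Target", "")))
    return findings


def verdict(findings: dict) -> list:
    """Turn scan findings into a list of reasons to hold the attachment for review."""
    reasons = []
    if findings["macros"]:
        reasons.append("embedded VBA project")
    for part, rtype, target in findings["external_rels"]:
        if rtype not in BENIGN_EXTERNAL_TYPES:
            reasons.append(f"external {rtype} relationship in {part} -> {target}")
    return reasons


def build_sample_docx(with_macro: bool = False, remote_template: str = "") -> bytes:
    """Constructed sample: a minimal OOXML package for testing the scanner, not a real lure."""
    rels_open = f'<Relationships xmlns="{REL_NS}">'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("_rels/.rels", rels_open
                    + f'<Relationship Id="rId1" Type="{REL_TYPE_PREFIX}officeDocument" Target="word/document.xml"/>'
                    + "</Relationships>")
        zf.writestr("word/document.xml",
                    '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:body/></w:document>')
        # An ordinary hyperlink is also an external relationship; the scanner must not flag it
        zf.writestr("word/_rels/document.xml.rels", rels_open
                    + f'<Relationship Id="rId1" Type="{REL_TYPE_PREFIX}settings" Target="settings.xml"/>'
                    + f'<Relationship Id="rId2" Type="{REL_TYPE_PREFIX}hyperlink" Target="https://www.example.com/" TargetMode="External"/>'
                    + "</Relationships>")
        zf.writestr("word/settings.xml",
                    '<w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        if remote_template:
            # Constructed: a settings relationship whose template lives outside the package
            zf.writestr("word/_rels/settings.xml.rels", rels_open
                        + f'<Relationship Id="rId1" Type="{REL_TYPE_PREFIX}attachedTemplate" Target="{remote_template}" TargetMode="External"/>'
                        + "</Relationships>")
        if with_macro:
            # Constructed placeholder bytes; a real VBA project is an OLE compound file
            zf.writestr("word/vbaProject.bin", b"placeholder bytes, not a real VBA project")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("clean", build_sample_docx()),
        ("suspicious", build_sample_docx(True, "https://example.invalid/template.dotm")),
    ]
    for label, doc in samples:
        print(label, verdict(scan_docx(doc)) or ["no indicators"])
```

The check is deliberately structural rather than signature-based: a lure whose visible text is scrambled and whose "Microsoft" instructions ask the reader to enable something only works if the package carries a macro or reaches out for an external part, and both of those are visible in the zip before the document is rendered. Hyperlinks are the one external relationship type allowed through here; in production the allow-list would be tuned to the organisation's document population.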
BlackBerry’s revelations follow newspaper allegations in the U.K. this week that a major nuclear facility in England, Sellafield, has been breached by Russian and Chinese threat actors.