AeroBlade Targeting the U.S. Aerospace Industry

5 Dec 2023

AeroBlade, a cyber espionage group, first gained notoriety in September 2022, when BlackBerry uncovered its activity. The group ran two significant campaigns: an initial phase in 2022 that served as a trial run, followed by a more advanced attack in July 2023 against a leading aerospace company in the U.S.

AeroBlade’s approach is characterised by spear-phishing combined with remote template injection. Weaponised documents distributed by email loaded a remote template carrying malicious VBA macro code, which in turn executed the final payload, a reverse shell that granted the attackers remote control over the victim’s systems.
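Remote template injection leaves a static indicator that defenders can check before a document is ever opened: the `attachedTemplate` relationship in `word/_rels/settings.xml.rels` points at an http(s) or UNC location instead of a local file. The checker below is an added example written for this post, not code from BlackBerry or from the campaign; the relationship names come from the OOXML package format, and the sample archives and IP addresses it builds are constructed for the demonstration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from typing import List, Optional

# Relationship type Word uses to record an attached template; a remote
# template injection document points this at an http(s) or UNC location.
ATTACHED_TEMPLATE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                     "relationships/attachedTemplate")
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
SETTINGS_RELS = "word/_rels/settings.xml.rels"
REMOTE_TARGET = re.compile(r"^(https?://|\\\\)", re.IGNORECASE)


def remote_template_targets(docx_bytes: bytes) -> List[str]:
    """Return the external attachedTemplate targets in a .docx (empty if none).

    Local templates (file:///...) are ignored: only http(s) and UNC targets
    mean the document will fetch its template from somewhere else."""
    hits: List[str] = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        if SETTINGS_RELS not in z.namelist():
            return hits
        root = ET.fromstring(z.read(SETTINGS_RELS))
        for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
            target = rel.get("Target", "")
            if (rel.get("Type") == ATTACHED_TEMPLATE
                    and rel.get("TargetMode") == "External"
                    and REMOTE_TARGET.match(target)):
                hits.append(target)
    return hits


def build_sample_docx(template_target: Optional[str]) -> bytes:
    """Construct a minimal .docx-shaped archive for testing (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if template_target is not None:
            rel = (f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
                   f'Target="{template_target}" TargetMode="External"/>')
            z.writestr(SETTINGS_RELS,
                       f'<Relationships xmlns="{RELS_NS}">{rel}</Relationships>')
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: a document whose template is fetched over HTTP.
    suspicious = build_sample_docx("http://203.0.113.5/update.dotm")
    print(remote_template_targets(suspicious))  # ['http://203.0.113.5/update.dotm']
```

Running this over inbound attachments at the mail gateway flags the fetch stage before any macro runs; a hit is worth correlating with proxy logs for the template host, since the document itself may contain no macro at all.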

Between their 2022 and 2023 operations, AeroBlade significantly refined its methods. The 2023 campaign demonstrated enhanced obfuscation, anti-analysis measures, and a more complex payload delivery system. AeroBlade exhibited capabilities such as establishing reverse shells, extracting information from compromised systems, and using techniques to prevent disassembly and analysis of their code, indicating their increasing sophistication and efforts to avoid detection.

The group’s focus on the American aerospace sector suggests a motive of industrial cyber espionage: acquiring sensitive internal information and laying the groundwork for future ransom demands. Their targeting of a critical industry sector emphasises the strategic importance cybercriminals attribute to exclusive corporate data and trade secrets.

The rise of groups like AeroBlade serves as a warning about the constantly changing landscape of cybersecurity. It’s crucial for organisations, particularly those in vital sectors like aerospace, to continuously enhance their cyber defences to protect against such advanced and evolving threats.