Cyber Risk in the Aerospace Sector
Understand more about cyber risk in this sector.
Cyber Risk Graph
Explore how this sector relates to the wider risk graph
Threat Reports
Publicly available threat reporting on cyber attacks against Aerospace.
Cloaked and Covert: Uncovering UNC3886 Espionage Operations
This article by researchers from Google's Mandiant outlines intrusion activity by UNC3886, a suspected China-nexus cyber espionage group. The ...
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
This cybersecurity advisory from the U.S. Federal Bureau of Investigation (FBI) and its partners, highlights the cyber espionage activities of the ...
APT45: North Korea’s Digital Military Machine
This report from threat intelligence analysts at Google's Mandiant marks the graduation of this cyber actor to a fully designated APT - APT45. The ...
ANALYSIS OF THE APT31 INDICTMENT
Blog post providing analysis of a March 2024 US Department of Justice indictment of 7 hackers associated with APT31. The post details attribution ...
Dragonfly: Cyberespionage Attacks Against Energy Suppliers
This report by Symantec details activities of the cyberespionage group known as Dragonfly. The reporting covers a campaign which initially focused ...
The Operations of Winnti group
This report from researchers at NTT describes activity which they attribute to the Winnti Group (who they refer to as ENT-1) and identify overlaps ...
Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention
This article by researchers at Unit 42 discusses the FalseFont backdoor used by Curious Serpens, an Iranian-affiliated espionage group targeting ...
Operation Blockbuster: Unraveling the Long Thread of the Sony Attack
This report by Novetta covers 'Operation Blockbuster' which was a Novetta-led coalition of private industry partners aiming to understand and ...
APT37 (REAPER) - The Overlooked North Korean Actor
This special report by FireEye discusses an investigation into APT37, a suspected North Korean cyber espionage group. According to the report, ...
SVR cyber actors adapt tactics for initial cloud access
This advisory from the UK's National Cyber Security Centre (NCSC) outlines tactics, techniques and procedures (TTPs) used by the cyber actors ...
RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale
This report from Recorded Future's Insikt Group outlines activity by the Red Hotel intrusion set. RedHotel is identified as a prominent Chinese ...
Putter Panda Intelligence Report
This intelligence report published by CrowdStrike outlines cyber espionage activity against Western companies which they attribute to Putter ...
APT1: Exposing One of China's Cyber Espionage Units
The APT1 report represents years of work by Mandiant, who analysed data across hundreds of breaches globally. The report identifies APT1 as a ...
MITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use against Aerospace.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1014 | Rootkit | Defense Evasion |
| T1068 | Exploitation for Privilege Escalation | Privilege Escalation |
| T1003 | OS Credential Dumping | Credential Access |
| T1071 | Application Layer Protocol | Command and Control |
| T1560 | Archive Collected Data | Collection |
| T1587.001 | Malware | Resource Development |
| T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
| T1021 | Remote Services | Lateral Movement |
| T1587.004 | Exploits | Resource Development |
| T1083 | File and Directory Discovery | Discovery |
| T1021.002 | SMB/Windows Admin Shares | Lateral Movement |
| T1591 | Gather Victim Org Information | Reconnaissance |
| T1572 | Protocol Tunneling | Command and Control |
| T1190 | Exploit Public-Facing Application | Initial Access |
| T1567 | Exfiltration Over Web Service | Exfiltration |
| T1027 | Obfuscated Files or Information | Defense Evasion |
| T1090 | Proxy | Command and Control |
| T1592 | Gather Victim Host Information | Reconnaissance |
| T1087 | Account Discovery | Discovery |
| T1059 | Command and Scripting Interpreter | Execution |
| T1596 | Search Open Technical Databases | Reconnaissance |
| T1039 | Data from Network Shared Drive | Collection |
| T1595 | Active Scanning | Reconnaissance |
| T1036 | Masquerading | Defense Evasion |
| T1598.003 | Spearphishing Link | Reconnaissance |
| T1070.006 | Timestomp | Defense Evasion |
| T1090.002 | External Proxy | Command and Control |
| T1098.005 | Device Registration | Persistence, Privilege Escalation |
| T1110 | Brute Force | Credential Access |
| T1621 | Multi-Factor Authentication Request Generation | Credential Access |
| T1528 | Steal Application Access Token | Credential Access |
| T1078.004 | Cloud Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1584.004 | Server | Resource Development |
| T1140 | Deobfuscate/Decode Files or Information | Defense Evasion |
| T1553.002 | Code Signing | Defense Evasion |
| T1071.001 | Web Protocols | Command and Control |
| T1595.002 | Vulnerability Scanning | Reconnaissance |
| T1041 | Exfiltration Over C2 Channel | Exfiltration |
| T1566.001 | Spearphishing Attachment | Initial Access |
| T1547.001 | Registry Run Keys / Startup Folder | Persistence, Privilege Escalation |
| T1053.005 | Scheduled Task | Execution, Persistence, Privilege Escalation |
| T1505.003 | Web Shell | Persistence |
| T1583.003 | Virtual Private Server | Resource Development |
| T1583.001 | Domains | Resource Development |
| T1036.005 | Match Legitimate Name or Location | Defense Evasion |
| T1574.001 | DLL Search Order Hijacking | Defense Evasion, Persistence, Privilege Escalation |