Cyber Risk in the Aerospace Sector

Understand more about cyber risk in this sector.

Cyber Risk Graph

Explore how this sector relates to the wider risk graph

Threat Reports

Publicly available threat reporting on cyber attacks against Aerospace.

Report

Cloaked and Covert: Uncovering UNC3886 Espionage Operations

This article by researchers from Google's Mandiant outlines intrusion activity by UNC3886, a suspected China-nexus cyber espionage group. The ...

View Source

Report

North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

This cybersecurity advisory from the U.S. Federal Bureau of Investigation (FBI) and its partners, highlights the cyber espionage activities of the ...

View Source

Report

APT45: North Korea’s Digital Military Machine

This report from threat intelligence analysts at Google's Mandiant marks the graduation of this cyber actor to a fully designated APT - APT45. The ...

View Source

Report

ANALYSIS OF THE APT31 INDICTMENT

Blog post providing analysis of a March 2024 US Department of Justice indictment of 7 hackers associated with APT31. The post details attribution ...

View Source

Report

Dragonfly: Cyberespionage Attacks Against Energy Suppliers

This report by Symantec details activities of the cyberespionage group known as Dragonfly. The reporting covers a campaign which initially focused ...

View Source

Report

The Operations of Winnti group

This report from researchers at NTT describes activity which they attribute to the Winnti Group (who they refer to as ENT-1) and identify overlaps ...

View Source

Report

Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention

This article by researchers at Unit 42 discusses the FalseFont backdoor used by Curious Serpens, an Iranian-affiliated espionage group targeting ...

View Source

Report

Operation Blockbuster: Unraveling the Long Thread of the Sony Attack

This report by Novetta covers 'Operation Blockbuster' which was a Novetta-led coalition of private industry partners aiming to understand and ...

View Source

Report

APT37 (REAPER) - The Overlooked North Korean Actor

This special report by FireEye discusses an investigation into APT37, a suspected North Korean cyber espionage group. According to the report, ...

View Source

Report

SVR cyber actors adapt tactics for initial cloud access

This advisory from the UK's National Cyber Security Centre (NCSC) outlines tactics, techniques and procedures (TTPs) used by the cyber actors ...

View Source

Report

RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale

This report from Recorded Future's Insikt Group outlines activity by the Red Hotel intrusion set. RedHotel is identified as a prominent Chinese ...

View Source

Report

Putter Panda Intelligence Report

This intelligence report published by CrowdStrike outlines cyber espionage activity against Western companies which they attribute to Putter ...

View Source

Report

APT1: Exposing One of China's Cyber Espionage Units

The APT1 report represents years of work by Mandiant, who analysed data across hundreds of breaches globally. The report identifies APT1 as a ...

View Source

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use against Aerospace.

Search:

ATT&CK ID	Title	Associated Tactics
T1014	Rootkit	Defense Evasion
T1068	Exploitation for Privilege Escalation	Privilege Escalation
T1003	OS Credential Dumping	Credential Access
T1071	Application Layer Protocol	Command and Control
T1560	Archive Collected Data	Collection
T1587.001	Malware	Resource Development
T1048	Exfiltration Over Alternative Protocol	Exfiltration
T1021	Remote Services	Lateral Movement
T1587.004	Exploits	Resource Development
T1083	File and Directory Discovery	Discovery
T1021.002	SMB/Windows Admin Shares	Lateral Movement
T1591	Gather Victim Org Information	Reconnaissance
T1572	Protocol Tunneling	Command and Control
T1190	Exploit Public-Facing Application	Initial Access
T1567	Exfiltration Over Web Service	Exfiltration
T1027	Obfuscated Files or Information	Defense Evasion
T1090	Proxy	Command and Control
T1592	Gather Victim Host Information	Reconnaissance
T1087	Account Discovery	Discovery
T1059	Command and Scripting Interpreter	Execution
T1596	Search Open Technical Databases	Reconnaissance
T1039	Data from Network Shared Drive	Collection
T1595	Active Scanning	Reconnaissance
T1036	Masquerading	Defense Evasion
T1598.003	Spearphishing Link	Reconnaissance
T1070.006	Timestomp	Defense Evasion
T1090.002	External Proxy	Command and Control
T1098.005	Device Registration	Persistence, Privilege Escalation
T1110	Brute Force	Credential Access
T1621	Multi-Factor Authentication Request Generation	Credential Access
T1528	Steal Application Access Token	Credential Access
T1078.004	Cloud Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1584.004	Server	Resource Development
T1140	Deobfuscate/Decode Files or Information	Defense Evasion
T1553.002	Code Signing	Defense Evasion
T1071.001	Web Protocols	Command and Control
T1595.002	Vulnerability Scanning	Reconnaissance
T1041	Exfiltration Over C2 Channel	Exfiltration
T1566.001	Spearphishing Attachment	Initial Access
T1547.001	Registry Run Keys / Startup Folder	Persistence, Privilege Escalation
T1053.005	Scheduled Task	Execution, Persistence, Privilege Escalation
T1505.003	Web Shell	Persistence
T1583.003	Virtual Private Server	Resource Development
T1583.001	Domains	Resource Development
T1036.005	Match Legitimate Name or Location	Defense Evasion
T1574.001	DLL Search Order Hijacking	Defense Evasion, Persistence, Privilege Escalation

Showing 1 to 46 of 46 entries