PlugX Spear-Phishing Targets Gov & Aviation Sectors

A sophisticated spear-phishing campaign is targeting governmental and aviation sectors in one region using the PlugX malware family. The attack begins with emails leading to a fake verification page, which then delivers a malicious archive containing a Windows shortcut file. This shortcut triggers a multi-stage infection process involving PowerShell scripts and DLL sideloading to execute the final payload. While a decoy document is displayed to the victim, the malware establishes a connection to a command-and-control server for espionage purposes. The tactics, including the use of cloud-hosted infrastructure and specific malware tools, strongly link the campaign to state-sponsored threat actors.

Latest mentioned: 10-07

Earliest mentioned: 10-06

Sources

securityonline.info therecord.media

Also Read

Lampion Banking Trojan Evolves with New Social Engineering Tactics

A cybercriminal group has refined its malware campaign by incorporating innovative social engineering techniques and multi-stage infection chains to deliver the Lampion banking trojan. The campaign, active since 2019, targets Portuguese-speaking banks and uses complex infection methods to evade detection. Researchers have documented significant tactical evolution, including the use of ClickFix lures and compromised email accounts. The phishing emails employ convincing banking themes, and the infection chain comprises multiple obfuscated Visual Basic script stages. The Lampion stealer has evolved into a single 700MB DLL file, incorporating encrypted ZIP files to hinder detection.

10-31Read more →