FormBook infostealer targets aerospace and defense industry

Delaware, USA – October 09, 2017 – We have recently written that credential theft attacks have become more frequent. Last Thursday, researchers from FireEye, Arbor Networks and ISC SANS reported several campaigns that were targeted at the aerospace and defense industry mainly in the US, India and South Korea. The primary distribution vector is spear phishing; emails contain a malicious attachment: this can be a Microsoft Office document, PDF, ISO or another archive with a malicious script or link. FormBook infostealer is used in each case. This virus is designed primarily to steal data, but it can also download and run files from the command server and even run commands via ShellExecute. FormBook does not have any outstanding features, but it can be “rented” by anyone on underground forums forum for a small price. Because of this, it is impossible to pinpoint which cybercriminal groups are behind the latest malicious campaigns using this infostealer.

Malware-as-a-Service is gaining popularity this year. To protect against constantly emerging threats, it is necessary to enable the most efficient use of the security technologies available in your organization, such as SIEM, vulnerability scanners, firewalls, antiviruses, proxies, etc. APT Framework for ArcSight, QRadar and Splunk uses behavioral analysis and statistical profiling and enables your SIEM to detect APT at any stage of the Cyber ​​Kill Chain using data from all existing technologies.