Targeting of major aerospace companies in the United States, Russia, Europe, and the Middle East

Date of report

October 2021

Affiliations

MalKamak

An Iranian-linked threat actor dubbed MalKamak used a remote access Trojan (RAT) known as ShellClient to target aerospace and telecommunication companies. The RAT employed had been in development since at least 2018 and piggybacked off of Dropbox servers.

Suspected victims

Aerospace and telecommunication companies across the United States, Russia, Europe, and the Middle East.

Suspected state sponsor

Iran (Islamic Republic of)

Target category

Private sector

Victim government reaction

Unknown

Operation GhostShell: Novel RAT Targets Global Aerospace and Telecoms Firms

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events