Cyber Espionage Campaign Hits Russian Aerospace
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
---
title: "Cyber Espionage Campaign Targets Russian Aerospace Sector with EAGLET Backdoor"
categories: [Cybersecurity & Data Protection, Data breaches]
tags: [cybersecurity, threat-intelligence, data-exfiltration]
author: Tom
date: 2025-07-25
---
## **TL;DR**
The Russian aerospace and defense industries have been targeted in a sophisticated cyber espionage campaign using the EAGLET backdoor for data exfiltration. This campaign, known as Operation CargoTalon, is attributed to a threat cluster tracked as UNG0901. The campaign specifically targets employees of the Voronezh Aircraft Production Association (VASO).
## **Cyber Espionage Campaign Hits Russian Aerospace Sector**
The Russian aerospace and defense industries are facing a significant cyber threat with the emergence of a sophisticated espionage campaign. This campaign, dubbed Operation CargoTalon, utilizes a backdoor known as EAGLET to infiltrate systems and exfiltrate sensitive data. The activity has been attributed to a threat cluster identified as UNG0901 (Unknown Group 901).
### **Operation CargoTalon: An Overview**
Operation CargoTalon is a targeted cyber espionage campaign aimed at the Russian aerospace and defense sectors. The primary objective of this campaign is to gain unauthorized access to sensitive information by deploying the EAGLET backdoor. This backdoor facilitates data exfiltration, allowing the threat actors to steal valuable data from the targeted organizations.
### **Targeted Organizations**
One of the key targets of this campaign is the Voronezh Aircraft Production Association (VASO). Employees of VASO have been specifically targeted, highlighting the strategic importance of this organization in the aerospace industry. The campaign's focus on VASO underscores the potential impact on Russian aerospace and defense capabilities.
### **The EAGLET Backdoor**
The EAGLET backdoor is a sophisticated tool used by the threat actors to gain persistent access to the targeted systems. Once deployed, EAGLET allows the attackers to exfiltrate data undetected, posing a significant risk to the confidentiality and integrity of the targeted organizations' information.
### **Threat Cluster UNG0901**
The campaign has been attributed to a threat cluster tracked as UNG0901. This group is known for its advanced tactics and techniques, making it a formidable adversary in the cyber espionage landscape. The attribution to UNG0901 highlights the need for enhanced cybersecurity measures to counter such threats.
## **Conclusion**
The cyber espionage campaign targeting the Russian aerospace and defense industries serves as a reminder of the persistent threats faced by critical infrastructure sectors. Operation CargoTalon, with its use of the EAGLET backdoor, underscores the importance of robust cybersecurity measures to protect against data exfiltration and other cyber threats. Organizations in these sectors must remain vigilant and proactive in their defense strategies to safeguard sensitive information and maintain operational integrity.
For more details, visit the full article: [source](https://thehackernews.com/2025/07/cyber-espionage-campaign-hits-russian.html)
This post is licensed under
CC BY 4.0
by the author.