
Digital safety starts here for both commercial and personal Use...

Defend Your Business Against the Latest WNY Cyber Threats

We offer safe, secure and affordable solutions for your business and personal networks and devices.



WNYCyber is here to help you choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deal daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS' DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do not charge or collect any fees.

New Polyglot Malware Hits Aviation, Satellite Communication Firms

Summary:
A newly identified polyglot malware is being leveraged in targeted attacks against aviation, satellite communication, and critical transportation organizations in the United Arab Emirates. The malware delivers a backdoor named Sosano, enabling attackers to establish persistence on infected systems and execute remote commands. The activity was first discovered by Proofpoint in October 2024 and attributed to a previously untracked threat actor tracked as UNK_CraftyCamel. Though the campaign is currently limited in scale, Proofpoint researchers warn that it demonstrates a high level of sophistication and clear cyber-espionage intent, posing a significant threat to its targets. While elements of the campaign bear similarities to operations conducted by the Iranian-aligned groups TA451 and TA455, Proofpoint asserts that the attack sequence and tradecraft indicate a distinct operation with a strong focus on intelligence gathering.

The malware's use of polyglot files is a critical factor in its ability to evade detection. A polyglot file is a single file that is valid in more than one format at once, so different applications parse the same bytes differently. This is effective for bypassing security defenses because many scanners identify a file by its leading magic bytes and analyze only that primary format, never looking for a second structure hidden deeper in the file. In this campaign, the attackers use a spear-phishing vector, sending emails from the compromised email account of an Indian electronics company to lend the messages credibility. The phishing emails direct recipients to a spoofed website, prompting them to download a malicious ZIP archive. This archive contains a Windows shortcut (LNK) file disguised as an Excel spreadsheet and two polyglot PDF files that serve as lures. These PDFs open and render as legitimate documents, but they carry hidden, malicious secondary content.
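To make the evasion concrete, the following is an added example (not code from the original article or from Proofpoint) showing why a magic-bytes-at-offset-0 check misses a polyglot and how a triage script can catch one. It constructs a benign PDF/ZIP polyglot in memory: the PDF parser trusts the `%PDF-` header at the front, while a ZIP parser finds its end-of-central-directory record by scanning from the end of the file, so both formats coexist in one byte string. The signature table, the sample file and the helper names (`find_formats`, `is_polyglot`, `appended_zip_members`, `suspicious_archive_names`) are all assumptions made for this example, not artifacts of the real campaign.

```python
import io
import re
import zipfile

# Signatures searched at ANY offset, not only at offset 0. This table is
# constructed for the example; extend it with the formats your gateway cares about.
SIGNATURES = {
    "pdf":  re.compile(rb"%PDF-\d\.\d"),
    "zip":  re.compile(rb"PK\x03\x04|PK\x05\x06"),   # local file header / EOCD record
    "pe":   re.compile(rb"^MZ"),                      # DOS stub only makes sense at offset 0
    "html": re.compile(rb"<(?:html|script|hta:application)\b", re.IGNORECASE),
}


def primary_type(data: bytes):
    """What a naive scanner reports: the first signature that matches at offset 0."""
    for name, pattern in SIGNATURES.items():
        if pattern.match(data):          # re.match is anchored at position 0
            return name
    return None


def find_formats(data: bytes) -> dict:
    """Return {format: [offsets]} for every signature found anywhere in the file."""
    hits = {}
    for name, pattern in SIGNATURES.items():
        offsets = [m.start() for m in pattern.finditer(data)]
        if offsets:
            hits[name] = offsets
    return hits


def is_polyglot(data: bytes) -> bool:
    """True when more than one distinct container format is present in the bytes."""
    return len(find_formats(data)) > 1


def appended_zip_members(data: bytes) -> list:
    """List entries of a ZIP that sits behind another format's header.

    zipfile locates the end-of-central-directory record from the end of the
    stream and adjusts every offset by the size of the leading junk, which is
    exactly the property a polyglot author relies on.
    """
    bio = io.BytesIO(data)
    if not zipfile.is_zipfile(bio):
        return []
    bio.seek(0)
    with zipfile.ZipFile(bio) as zf:
        return zf.namelist()


def suspicious_archive_names(names) -> list:
    """Flag shortcut files masquerading as documents, e.g. 'report.xlsx.lnk'."""
    doc_exts = (".xlsx", ".xls", ".docx", ".doc", ".pdf")
    return [n for n in names
            if n.lower().endswith(".lnk") and n.lower()[:-4].endswith(doc_exts)]


def build_sample_polyglot() -> bytes:
    """Constructed, benign sample: a minimal PDF skeleton with a ZIP appended.

    It is a placeholder for this example, not the campaign's lure files.
    """
    pdf = (b"%PDF-1.4\n"
           b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
           b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
           b"trailer << /Root 1 0 R >>\n%%EOF\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("lure.txt", "constructed placeholder payload")
    return pdf + buf.getvalue()


def build_plain_pdf() -> bytes:
    """Constructed control sample containing only the PDF skeleton."""
    return build_sample_polyglot().split(b"PK\x03\x04", 1)[0]


if __name__ == "__main__":
    sample = build_sample_polyglot()
    print("primary type (offset-0 scanner):", primary_type(sample))
    print("all formats found:", find_formats(sample))
    print("polyglot:", is_polyglot(sample))
    print("hidden ZIP members:", appended_zip_members(sample))
    print("disguised shortcuts:", suspicious_archive_names(["Q3 forecast.xlsx.lnk", "notes.txt"]))
```

Run against a quarantined file with `find_formats(open(path, "rb").read())`. Treat a hit as a triage signal rather than a verdict: a legitimate PDF with an embedded file attachment, or an installer with an appended archive, will also show two formats, so the point is to route such files to deeper inspection instead of letting a single-format scanner wave them through.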