A targeted spear-phishing campaign that configures AnyDesk for silent, persistent remote access and exfiltrates its configuration using the Blat SMTP utility. The campaign uses an aerospace-themed invoice lure that impersonates the Russian research institute VNIIR via a freshly registered spoof domain (vniir-avia.space) and delivers a password-protected archive that, when opened, triggers a multi-stage dropper and […] The post Attackers Exfiltrate AnyDesk Configuration Data via Blat SMTP in Aerospace Phishing Campaign appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/smtp-in-aerospace-phishing-campaign/
![]()

