Attackers Exfiltrate AnyDesk Configuration Data via Blat SMTP in Aerospace Phishing Campaign
The Rare Werewolf threat group is conducting a spear-phishing campaign targeting the aerospace sector by utilizing AnyDesk for persistent remote access and Blat SMTP to exfiltrate configuration data. Attackers employ password-protected invoice lures to bypass defenses and deploy living-off-the-land techniques to maintain covert control over compromised systems.