DJI Mavic 3 drone manuals abused to deliver malware


A new campaign is actively targeting Ukraine’s military, which increasingly relies on drones in the war against Russia.


Threat actors are exploiting the popularity of unmanned aerial vehicles (UAVs) among the Ukrainian military. Cybersecurity company Securonix has observed a cluster of activity, including the spreading of UAV manuals infected with malware.

One of the infected manuals is written in the Ukrainian language for the DJI Mavic 3 drone. The Ukrainian military uses drones like this for traditional reconnaissance and directing artillery fire, and they are also modified to conduct direct attacks.

The malicious file is presented as a Microsoft help file, named “info on UAV training for the military.” Microsoft help files are used for providing application support, guides, and references.

The document is infected with MerlinAgent malware and is undetectable.

“Files and documents used in the attack chain are very capable of bypassing defenses, scoring 0 detections for the malicious .chm file. Typically receiving a Microsoft help file over the internet would be considered unusual. However, the attackers framed the lure documents to appear as something an unsuspecting victim might expect to appear in a help-themed document or file,” researchers said.

After successful infection, attackers can take full control of the system.

In August, the Government Computer Emergency Response Team of Ukraine (CERT-UA) issued a warning on MerlinAgent, saying it was a new open-source tool for attacking state organizations.
