Aviation and public sector entities across the Middle East have been subjected to intrusions with the new Charon ransomware strain, which have involved tactics reminiscent of those leveraged by China-linked advanced persistent threat operation Earth Baxia, which previously used spear-phishing emails to facilitate malware compromise in the Asia-Pacific, according to The Record, a news site by cybersecurity firm Recorded Future.

Initial compromise through an unspecified attack vector enabled Charon ransomware to deactivate security tools, remove backups, and clear the recycle bin prior to the encryption of files and issuance of ransom notes, which include not only the name of the targeted organization but also an encrypted data listing alongside payment instuctions, a report from Trend Micro revealed. "This case exemplifies a concerning trend: the adoption of APT-level techniques by ransomware operators," said Trend Micro researchers, who remained inconclusive in their attribution of the attack campaign but warned of its potentially severe risks to businesses.

