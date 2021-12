In March 2021, IBM Security X-Force observed an attack on an Asian airline that we assess was likely compromised by a state-sponsored adversary using a new backdoor that utilizes Slack. The adversary leveraged free workspaces on Slack, a legitimate messaging and collaboration application, likely to obfuscate operational communications, allowing malicious traffic, or traffic with underlying malicious intent, to go unnoticed. It is unclear whether the adversary was able to successfully exfiltrate data from the victim environment, though files found on the threat actor’s command and control (C2) server suggest that they may have accessed reservation data.

