ICAO victim of a major cyberattack in 2016

The organization was the victim of a watering hole attack, likely attributable to the APT LuckyMouse group

The International Civil Aviation Organization (ICAO) was the victim of a large-scale cyberattack in 2016. In November of that year, a cyber-intelligence analyst at Lockheed Martin contacted the organization after finding that cybercriminals had taken control of two of its servers.

The ICAO had been targeted by a watering hole attack, in which an attacker places an exploit on a website frequented by the intended target. The analyst at Lockheed Martin emphasized that this attack could represent a “significant threat to the aviation industry.”

This cyberattack has been linked to the APT LuckyMouse group, also known as Emissary Panda, APT27, and Bronze Union.

After speaking with Lockheed Martin, the ICAO commissioned an external analyst to evaluate the attack. Preliminary analysis by Secureworks revealed deeper problems. This analysis, as reported by Radio-Canada (article in French), indicated

