HollowQuill


SEQRITE Labs APT-Team has been tracking a campaign targeting the Baltic State Technical University, a well-known institution whose defense, aerospace, and advanced engineering programs contribute to Russia's military-industrial complex. Tracked as Operation HollowQuill, the campaign leverages weaponized decoy documents masquerading as official research invitations to infiltrate academic, governmental, and defense-related networks. The threat entity delivers a malicious RAR file containing a .NET malware dropper, which in turn drops a Golang-based shellcode loader, a legitimate OneDrive application, and a decoy PDF, with Cobalt Strike as the final payload.


Associated Families

There are currently no families associated with this actor.


References
2025-03-31 | Seqrite | Mahua Chakrabarthy, Sanjay Katkar
Operation HollowQuill: Malware delivered into Russian R&D Networks via Research Decoy PDFs
Tags: Cobalt Strike, HollowQuill

Credits: MISP Project