Operation CargoTalon: UNG0901 Targets Russian Aerospace & Defense Sector using EAGLET implant.
ID: bddcd493-e618-5be1-9d7b-38608c3c2dbd
STIX ID: report--bddcd493-e618-5be1-9d7b-38608c3c2dbd
Feed Name: Seqrite Blog
SEQRITE Labs reports a targeted spear-phishing campaign against the Russian aerospace sector that delivered an EAGLET DLL implant via malicious EML/LNK attachments; the implant extracts a decoy XLS, executes via rundll32, establishes HTTP C2 communication (185.225.17.104) using a custom user-agent, and provides shell, download, and exfiltration capabilities. The report includes detailed technical analysis, IOCs (file hashes, filenames, C2 IP), MITRE ATT&CK mappings, and attribution ties to the Head Mare actor family.
