Operation Silent Rotor: Targeted Campaign Compromises Unmanned Aviation Sector Ahead of Moscow Summit
ID: ce7958aa-beb8-53d7-91b3-647bade65cc9
STIX ID: report--ce7958aa-beb8-53d7-91b3-647bade65cc9
Feed Name: Seqrite Blog
Operation Silent Rotor is a targeted spear-phishing campaign, tracked by SEQRITE Labs, against professionals in the Eurasian unmanned aviation sector around the "Unmanned Aviation 2026" forum. The attackers distribute a ZIP archive (cai partner.zip) containing decoy documents and a Rust-compiled 64-bit Windows executable. The executable displays a legitimate-looking DOCX decoy, fingerprints the host, exfiltrates encrypted JSON over HTTPS to cdn.kleymarket.ru, and downloads a second-stage AES-256-encrypted payload, which it decrypts, drops and executes. The report includes technical analysis, C2 infrastructure (kleymarket.ru and IP 45.142.36.76), file hashes, MITRE ATT&CK mappings, and recommended detection IOCs.
