Cyber Espionage Group Targets Aviation Firms to Steal Map Data

Kaspersky researchers observed a sophisticated espionage campaign dubbed HeartlessSoul that uses phishing, malvertising, fake download pages (including a planted SourceForge project), JavaScript RATs, PowerShell scripts, fileless execution and LNK exploit chains to steal GIS/GPS and other geospatial data from government and enterprise targets; the activity (tracked since at least Feb 2025 with origins back to Sep 2025) aims to collect operational mapping and navigation intelligence, attribution is unresolved, and defenders are advised to harden GIS workflows with zero-trust, segmentation, and focused monitoring.