Middle East Airlines

MEA, operating under aliases including Middle East Airlines and MEA Lebanon, is an airline headquartered in Lebanon. The provided context does not specify its core services, fleet composition, route network, or market reach. As an airline, its primary function is air transportation, though the scale of its operations, destinations served, and passenger or cargo focus are not detailed in the available information. No data is provided regarding its ownership structure, parent companies, or subsidiary relationships. The organization's positioning within the aviation sector, regulatory roles, or specializations beyond being a targeted entity remain undefined by the source material.

In September 2018, MEA was targeted by a cyberespionage campaign identified as DNSpionage. The attackers distributed malicious Microsoft Office documents through fraudulent job-hunting websites, relying on macro execution to deliver malware to victims. This malware established command-and-control communication using both HTTP and DNS-based methods, incorporating DNS tunneling techniques to exfiltrate data from compromised systems. The threat actors conducted detailed reconnaissance of victim networks to tailor their attacks and evade security detection. Additionally, they attempted to hijack DNS records for domains associated with targeted organizations, generating fraudulent Let's Encrypt certificates to facilitate redirection efforts. The malware achieved persistence by creating dedicated directories and executable files on infected systems. While the technical capabilities for DNS hijacking were demonstrated, the operational success of this specific component against MEA was not confirmed. The campaign simultaneously targeted government entities in Lebanon and the UAE, indicating MEA was selected as part of a broader regional espionage effort. This incident underscores the airline's exposure to sophisticated, state-aligned cyber threats aiming for intelligence gathering. The methods employed reflect a multi-vector approach combining social engineering, malware versatility, and infrastructure manipulation. No further details about MEA's internal security posture or the long-term impact of the intrusion are available from the provided summary.