Cyber spies are quietly stealing engineering blueprints and GPS data from Russian aviation companies

Kaspersky disclosed a previously undocumented cyber-espionage group called HeartlessSoul that has been targeting Russian government agencies and aviation companies since at least September 2025 to steal geographic information system (GIS) data - the specialized files containing detailed maps of roads, engineering networks, terrain, and strategic facilities. The targeting suggests state-aligned interest in Russian infrastructure mapping rather than financial gain. Kaspersky did not name a likely sponsor but the targeting profile is consistent with a Ukraine-aligned or Western-aligned operator. The group uses tailored phishing, custom malware, and persistent network access.

Check

If your organization handles GIS data for any government or critical infrastructure customer, assume your sector is now an active target and tighten access controls on map data this week.

Affected

Russian government agencies and aviation companies are the named targets, but the technique is generic: any organization holding detailed GIS files for critical infrastructure (electric grid, telecoms, water, road, rail, military bases) is in the broader target pool. Engineering and architecture firms working on infrastructure projects are particularly exposed.

Fix

Treat GIS files as high-value data and apply DLP rules that flag bulk transfers of .shp, .gdb, .kml, .gpx, and .tif files. Restrict GIS server access to named users with logging on every download. For engineering firms: require two-person approval for downloading complete map sets. Western firms holding sensitive infrastructure maps face the same risk from China, Russia, and others.