Proofpoint Exposes Sophisticated Social Engineering Attack on Recruiters That Infects Their Computers With Malware


Recruiters and anyone else involved in hiring processes should be aware of this social engineering threat.


A new report from U.S.-based cybersecurity company Proofpoint exposes a new attack campaign operated by a financially motivated threat actor dubbed TA4557. The campaign carries a high risk of financial data theft and possibly further risks, such as intellectual property theft.


In this social engineering campaign, the threat actor targets recruiters with benign content before infecting their machines with the More_Eggs malware. This threat actor takes extra care to avoid being detected.




How recruiters are targeted by threat actor TA4557


The latest attack campaign from threat actor TA4557, as exposed by Proofpoint, targets recruiters by sending them a direct email. The group pretends to be an individual interested in a job (Figure A).


Figure A


Sample email sent by TA4557 to a recruiter. Image: Proofpoint

The email does not include any malicious content. Once the recruiter replies to the email, the attacker replies with a link leading to an attacker-controlled website posing as an individual’s resume (Figure B).


Figure B


The attacker-controlled website provides a clickable link leading to malware. Image: Proofpoint

An alternative method used by the threat actor consists of replying to the recruiter with a PDF or Microsoft Office Word file containing instructions to visit the fake resume website.
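As an added detection example (not taken from Proofpoint's report or the original article), the following Python flags mail threads that follow the sequence described above: an external opener with no link or attachment, a reply from the recruiter, then a follow-up from the same sender that introduces a link or a PDF/Word file. The `Msg` structure, the `flag_thread` function and all addresses and domains are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

URL_HOST = re.compile(r"https?://([^/\s<>]+)", re.IGNORECASE)
DOC_EXTS = (".pdf", ".doc", ".docx")  # the article names PDF and Word follow-ups

@dataclass
class Msg:
    sender: str
    body: str
    attachments: list = field(default_factory=list)

def is_internal(addr, org_domain):
    return addr.lower().endswith("@" + org_domain.lower())

def flag_thread(thread, org_domain):
    """Return reasons when a thread (oldest message first) follows:
    external opener without link or attachment -> internal reply ->
    same external sender follows up with a link or a PDF/Word file."""
    if not thread:
        return []
    opener = thread[0]
    if (is_internal(opener.sender, org_domain)
            or URL_HOST.search(opener.body) or opener.attachments):
        return []  # opener is internal or already carries content
    reasons, replied = [], False
    for msg in thread[1:]:
        if is_internal(msg.sender, org_domain):
            replied = True
        elif replied and msg.sender.lower() == opener.sender.lower():
            reasons += ["link:" + h.lower() for h in URL_HOST.findall(msg.body)]
            reasons += ["file:" + a for a in msg.attachments
                        if a.lower().endswith(DOC_EXTS)]
    return reasons

# Constructed sample threads; all *.example names are placeholders.
ORG = "corp.example"
LINK_THREAD = [
    Msg("applicant@mail.example", "Hello, is the analyst position still open?"),
    Msg("recruiter@corp.example", "Yes, please send your resume."),
    Msg("applicant@mail.example", "My resume is at https://resume-site.example/cv"),
]
DOC_THREAD = [
    Msg("applicant@mail.example", "Is the analyst role still available?"),
    Msg("recruiter@corp.example", "It is. Please share your CV."),
    Msg("applicant@mail.example", "Instructions attached.", ["resume_info.docx"]),
]

if __name__ == "__main__":
    print(flag_thread(LINK_THREAD, ORG), flag_thread(DOC_THREAD, ORG))
```

A match is a triage signal for inspecting the linked site or attached document, since genuine candidates can follow the same sequence.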


Infection leads to More_Eggs malware


The website employs filtering mechanisms to assess whether the subsequent phase of the attack should be initiated. If the criteria for filtering are not met, the user is presented with a pl ..
