Cybersecurity company Proofpoint has warned of an attacker employing a variety of methods to spread malware within organizations, and the latest technique is just as easy to fall for as it is to spot.
The attack, attributed to a financially motivated threat actor known as TA4557, impersonates a job applicant and uses attachments like PDFs and Word documents or malicious websites to spread malware.
According to Proofpoint, TA4557 has been using advanced social engineering tactics since 2018, including similar job applicant-type attacks for the last two years.
Recruiters beware
The latest method, which has been used since at least October 2023, begins with a benign email expressing interest in an open role.
From there, the email exchange between the recruiter and the malicious applicant continues until the applicant finally launches the attack. A resume, supposedly hosted on the applicant’s personal website, is shared with the victim.
The legitimate-looking website hosts a downloadable .zip file which includes a shortcut file (LNK). Ultimately, the malware exists to gain unauthorized access to a victim’s machine and then to drop additional payloads.
In some cases, the threat actor shared details of the malicious website via email attachments, including PDF and Word documents.
Both of the screenshots shared on Proofpoint’s blog use custom email domains and direct the recruiter to a website using that same domain.
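For defenders, the delivery format described above (a ZIP archive containing a Windows shortcut) can be checked before a download reaches a recruiter. The following is an added example, not code from Proofpoint or from this article; the function names and the sample archive are constructed for illustration, and the header bytes are the fixed Shell Link header from Microsoft's MS-SHLLINK format.

```python
import io
import zipfile

# Every Shell Link (.lnk) file starts with HeaderSize 0x0000004C followed by
# the LinkCLSID 00021401-0000-0000-C000-000000000046 (MS-SHLLINK).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")


def find_shortcuts(zip_bytes, max_entries=1000):
    """Return (entry name, reason) for each shortcut-like entry in a ZIP."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [("<archive>", "not a readable ZIP")]
    findings = []
    with archive:
        for info in archive.infolist()[:max_entries]:
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted: contents cannot be checked
                findings.append((info.filename, "encrypted entry"))
                continue
            # Windows ignores trailing dots and spaces in file names.
            by_name = info.filename.rstrip(". ").lower().endswith(".lnk")
            try:
                with archive.open(info) as fh:
                    by_magic = fh.read(len(LNK_MAGIC)) == LNK_MAGIC
            except (NotImplementedError, zipfile.BadZipFile):
                findings.append((info.filename, "unreadable entry"))
                continue
            if by_name and by_magic:
                findings.append((info.filename, "LNK extension and header"))
            elif by_magic:
                findings.append((info.filename, "LNK header under another extension"))
            elif by_name:
                findings.append((info.filename, "LNK extension"))
    return findings


def build_sample():
    """Constructed archive for demonstration; not a real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("resume.lnk", LNK_MAGIC + b"\x00" * 56)
        z.writestr("cover_letter.pdf", LNK_MAGIC + b"\x00" * 56)  # renamed shortcut
        z.writestr("readme.txt", "plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in find_shortcuts(build_sample()):
        print(f"{name}: {reason}")
```

Checking the header as well as the extension catches a shortcut that has been renamed, and encrypted entries are reported because they cannot be inspected at all.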
According to Proofpoint, there’s been a recent uptick in the number of social engineering scams using benign emails. The cybersecurity firm added:
“Organizations that use third-party job posting websites should be aware of this actor’s tactics, techniques, and procedures (TTPs) and educate employees, especially those in recruiting and hiring functions, about this threat.”