The Hacker News reported:
An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers.
"The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails," Securonix researchers Shikha Sangwan, Akshay Gaikwad, and Aaron Beardslee said in a report shared with The Hacker News.
This is an example of a living-off-the-land-style attack that raises the bar on how attackers can trick defense mechanisms and sneak their way into the target's system without attracting much attention.
"The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails," Securonix researchers Shikha Sangwan, Akshay Gaikwad, and Aaron Beardslee said in a report shared with The Hacker News.
This is an example of a living-off-the-land-style attack that raises the bar on how attackers can trick defense mechanisms and sneak their way into the target's system without attracting much attention.
Find the original post here.
Key Takeaway: Reach out to your IT team if you suspect an external party has remote access to your system.
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat
Key Takeaway: Reach out to your IT team if you suspect an external party has remote access to your system.
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat