Overview: Phishing Campaign Uses Fake Job Offers

This report is about a threat actor phishing individuals working in highly sensitive corporate environments. The bad actor is targeting individuals who work in the defense or aerospace sectors. This is likely a campaign to steal sensitive data from classified settings.

Tactics, Techniques, and Procedures

The phishing campaign is set up to entice users with fake job offers from crafted LinkedIn profiles. The bad actor sends a OneDrive link or malicious file which compromises the user’s device when accessed. The delivery mechanism leads to a backdoor being installed on the system giving the threat actor unauthorized access to the affected machine. The threat vectors for this attack can either be social media or email depending on the open-source intelligence gathered by the adversary.

Business Unit Impact

  • May result in the loss of sensitive or classified data
  • Could lead to a myriad of lateral movement opportunities for a crafty threat actor

Recommendations

Organizations are highly encouraged to:

  • Provide employee security awareness training to instill a healthy level of suspicion while utilizing common online tools
  • Ensure systems receive the latest updates and software patches regularly
  • Consider turning off the auto-download feature in your mail client of choice

Supporting Documentation

About OSINT: https://www.sentinelone.com/blog/what-is-osint-how-is-it-used/

MITRE Mapping(s)

https://attack.mitre.org/techniques/T1566/
https://attack.mitre.org/techniques/T1279/
https://attack.mitre.org/techniques/T1204/001/ https://attack.mitre.org/techniques/T1204/002/

Is your team's plate overflowing?

Is finding the time to keep all systems patched a challenge? We can help. Avertium offers a Vulnerability Management as a Service Program to give busy security pros a hand-up.

LEARN MORE

Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report will outline a “top-of-mind” threat and how it ought to be addressed accordingly.

This informed analysis is based on the latest data available.