This report is about a threat actor phishing individuals working in highly sensitive corporate environments. The bad actor is targeting individuals who work in the defense or aerospace sectors. This is likely a campaign to steal sensitive data from classified settings.
The phishing campaign is set up to entice users with fake job offers from crafted LinkedIn profiles. The bad actor sends a OneDrive link or malicious file which compromises the user’s device when accessed. The delivery mechanism leads to a backdoor being installed on the system giving the threat actor unauthorized access to the affected machine. The threat vectors for this attack can either be social media or email depending on the open-source intelligence gathered by the adversary.
Organizations are highly encouraged to:
Supporting Documentation
About OSINT: https://www.sentinelone.com/blog/what-is-osint-how-is-it-used/
MITRE Mapping(s)
https://attack.mitre.org/techniques/T1566/
https://attack.mitre.org/techniques/T1279/
https://attack.mitre.org/techniques/T1204/001/ https://attack.mitre.org/techniques/T1204/002/
Is finding the time to keep all systems patched a challenge? We can help. Avertium offers a Vulnerability Management as a Service Program to give busy security pros a hand-up.
LEARN MORE
Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report will outline a “top-of-mind” threat and how it ought to be addressed accordingly.
This informed analysis is based on the latest data available.