As a result, the more eggs operation has used fake resumes instead of fake job offers to target hiring managers this year, according to eSentire research and reporting lead Keegan Keplinger in a press release.
Three of the four incidents occurred at the end of March, according to the Canadian cybersecurity firm. A U.S. aerospace firm, a U.K. accounting firm, a Canadian law firm, and a Canadian staffing agency are among the companies being targeted.
Golden Chickens (also known as Venom Spider) is believed to be behind the malware, which is a stealthy, modular backdoor suite capable of stealing valuable data and facilitating lateral movement across a compromised network, according to security researchers.
According to Keplinger, "More eggs achieves execution by delivering malicious code to legitimate Windows processes and allowing those Windows processes to do the work for them," Using the resumes as a ruse, the malware can be installed without detection.
In light of the fact that the intrusions were stopped before the attackers could carry out their plans, it is not clear what the attackers were looking for. In any case, it's important to keep in mind that once more eggs are in place, they could be used as a launching pad for additional attacks like data theft and ransomware.
Threat actors behind more eggs use scalable, spear-phishing approaches that weaponize expected communications, such as resumes that match a hiring manager's expectations or job offers, targeting hopeful candidates that match their current or previous job titles," Keplinger said.
Post a Comment
Your suggestions and comments are welcome