Cybersecurity experts are raising alarms about a new tactic employed by a sophisticated hacking group known for its financially motivated attacks. This group is now specifically targeting recruiters and human resources personnel by impersonating job applicants.
The attackers craft convincing emails, posing as prospective candidates seeking employment. These emails often include seemingly legitimate attachments, such as resumes or cover letters. However, these documents are weaponized, containing malware designed to compromise the recipient’s system upon opening.
This technique is a form of highly targeted phishing, leveraging the inherent trust and workflow associated with the hiring process. Recruiters are accustomed to opening attachments from unknown senders who claim to be applicants, making them a vulnerable target.
Once the malicious document is opened, the malware is executed, potentially giving the attackers a foothold within the company’s internal network. From this initial compromise, the hackers can attempt to move laterally, escalate privileges, and ultimately pursue their financial objectives, which could include data theft, ransomware deployment, or payment system compromise.
This highlights the critical need for enhanced cybersecurity awareness within all departments, especially those frequently interacting with external parties through email and attachments. Recruiters must exercise extreme caution, verify sender legitimacy where possible, and rely on secure methods for document sharing. Organizations need robust endpoint protection and employee training to defend against this evolving threat.
Source: https://www.bleepingcomputer.com/news/security/fin6-hackers-pose-as-job-seekers-to-backdoor-recruiters-devices/
