Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / New
Stats: 3,104,953 members, 7,661,781 topics. Date: Wednesday, 29 November 2023 at 05:04 PM

Hackers Infiltrate Corporate Organizations Using Cv's & Cover Letters - Webmasters - Nairaland

Nairaland Forum / Science/Technology / Webmasters / Hackers Infiltrate Corporate Organizations Using Cv's & Cover Letters (221 Views)

My Company Is Creating FREE Website For Business And Religious Organizations / Provision Of Innovative Solutions To Businesses And Organizations / *NEW* protect your server from hackers (2) (3) (4)

(1) (Reply)

Hackers Infiltrate Corporate Organizations Using Cv's & Cover Letters by BarrSly: 10:34pm On Apr 21, 2022
A year after potential candidates looking for work on LinkedIn were tempted with weaponized job offers, a new series of phishing assaults carrying the more eggs malware has been detected attacking corporate hiring supervisors with false resumes as an infection vector thus making it dubbed 'the CV-WARE' by Sly Uduosa, Slytech's research lead.

"This year, the more eggs operation has inverted the social engineering script, targeting hiring managers with phoney resumes instead of jobseekers with fake job offers," said Keegan Keplinger, eSentire's research and reporting lead.

Four separate security events were identified and disrupted, according to the Canadian cybersecurity firm, three of which happened towards the end of March. A U.S.-based aerospace company, a U.K.-based accounting firm, a legal firm, and a hiring agency, all based in Canada, are among the targets.

The virus, which is thought to have been created by a threat actor known as Golden Chickens (aka Venom Spider), is a stealthy, modular backdoor suite capable of stealing sensitive data and lateral movement across a compromised network.

"More eggs executes by transferring malicious code to normal Windows processes and allowing those processes to do the work for them," Keplinger explained. The idea is to use resumes as a decoy in order to install malware and avoid detection.

Apart from the role reversal in the mode of operation, it's unclear what the attackers were after, given that the incursions were stopped before they could carry out their intentions. However, it's worth noting that, once deployed, more eggs might be used as a launchpad for further assaults like data theft and ransomware.

"The threat actors behind more eggs deploy a scalable spear-phishing technique that weaponizes expected communications, such as resumes, that fit a hiring manager's expectations or job offers, targeting hopeful individuals with current or previous job titles," Keplinger added.

(1) (Reply)

Can I Receive $ In My Naira Skrill Account? / It Is Better To Host Sales Page, Landing Page Or Mini Site With A Cheap Host / Please Which Of These Rules Did I Break?

(Go Up)

Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health
religion celebs tv-movies music-radio literature webmasters programming techmarket

Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10)

Nairaland - Copyright © 2005 - 2023 Oluwaseun Osewa. All rights reserved. See How To Advertise. 33
Disclaimer: Every Nairaland member is solely responsible for anything that he/she posts or uploads on Nairaland.