Protecting Recruiter Devices: How Job Seekers are Used by FIN6 Hackers as Backdoors

FIN6 Hackers Pose as Job Seekers to Backdoor Recruiters’ Devices

Summary

In a twist on typical hiring-related social engineering attacks, the cybersecurity community has reported a surge in the number of incidents where the notorious FIN6 hacking group impersonates job seekers to target recruiters, using convincing resumes and phishing sites to deliver malware.

This article explores these attacks and offers advice to professionals on how to protect their networks.

The New Wave of Social Engineering Attacks

As our digital landscape evolves, so too do our cybersecurity threats.

According to researchers from cybersecurity firm CrowdStrike [1], the well-known FIN6 cybercriminal group has been seen leveraging an innovative and dangerously successful social engineering attack strategy.

By masquerading as job applicants, these hackers target unsuspecting recruiters with seemingly legitimate resumes containing hidden malware executables.

FIN6 Modus Operandi

A typical FIN6 attack under these new tactics begins with a phishing email sent to recruiters, HR departments, or managers responsible for hiring in targeted organizations.

These messages purport to come from job seekers and contain a document that appears to be a resume or CV but conceals malicious macros or embedded scripts.

When the recipient opens the document, they’re prompted to ‘Enable Content’ to view it.

Doing so activates the hidden malware contained within the file, providing the attackers with a backdoor into the recipient’s network.

In some instances, these attacks have delivered the more_eggs JScript downloader [2], a piece of malware associated with the FIN6 group, which is known for data exfiltration and for selling access to compromised systems.
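The attack chain above turns on a document that carries macro code while presenting itself as a resume. As an added example (not code from the article, CrowdStrike or FIN6 research), the following Python triages an inbound Office attachment before it reaches a recruiter: OOXML files (.docx, .docm, .xlsx, .xlsm) are ZIP containers, so the script checks for a vbaProject.bin part and a macroEnabled content type, and also flags a file whose extension promises no macros but whose contents carry them. The two sample documents are constructed in memory; the policy of quarantining any macro-bearing resume is an assumption you may want to relax for other document types.

```python
"""Triage an inbound 'resume' attachment for hidden VBA macros.

Added example (not code from the article or from CrowdStrike). It opens an
OOXML document (.docx/.docm/.xlsx/.xlsm are ZIP containers) and looks for the
parts that carry macros: a vbaProject.bin stream and a macroEnabled content
type. The two sample documents are constructed in memory, not real samples.
"""
import io
import zipfile


def macro_indicators(data: bytes) -> list:
    """Return the reasons a document looks macro-enabled (empty list = none found)."""
    reasons = []
    if not data.startswith(b"PK"):
        # Legacy OLE2 formats (.doc/.xls) are not parsed here; hand them to a sandbox.
        return ["not an OOXML container; needs deeper inspection"]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                lname = name.lower()
                if lname.endswith("vbaproject.bin"):
                    reasons.append("contains vbaProject.bin (VBA macro storage)")
                elif lname == "[content_types].xml":
                    ctypes = zf.read(name).decode("utf-8", "replace").lower()
                    if "macroenabled" in ctypes:
                        reasons.append("declares a macroEnabled content type")
    except zipfile.BadZipFile:
        reasons.append("corrupt or truncated ZIP container")
    return reasons


def triage_attachment(filename: str, data: bytes) -> dict:
    """Apply a simple policy: a resume never needs macros, so any indicator quarantines it."""
    ext = filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    reasons = macro_indicators(data)
    if ext in ("docx", "xlsx") and any("vbaProject" in r for r in reasons):
        # Macro parts inside a non-macro extension: name and content disagree.
        reasons.append(f"macro parts inside a .{ext} file (extension/content mismatch)")
    return {"file": filename, "verdict": "quarantine" if reasons else "allow", "reasons": reasons}


def build_ooxml(with_macros: bool) -> bytes:
    """Build a minimal OOXML-like ZIP (constructed test data, not a real Word file)."""
    main_type = (
        "application/vnd.ms-word.document.macroEnabled.main+xml"
        if with_macros
        else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(
            "[Content_Types].xml",
            '<?xml version="1.0"?><Types><Override PartName="/word/document.xml" '
            f'ContentType="{main_type}"/></Types>',
        )
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder VBA storage")
    return buf.getvalue()


CLEAN_RESUME = build_ooxml(with_macros=False)
MACRO_RESUME = build_ooxml(with_macros=True)

if __name__ == "__main__":
    for name, blob in (
        ("candidate_resume.docx", CLEAN_RESUME),
        ("candidate_resume.docm", MACRO_RESUME),
        ("candidate_resume.docx", MACRO_RESUME),
    ):
        print(triage_attachment(name, blob))
```

The check is deliberately structural rather than signature-based: it does not try to read the macro, only to establish that macro storage is present in a file type that should never need it, which is the decision a mail gateway or HR intake portal can make before anyone is asked to click "Enable Content".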

Proactive Defense

Given the sophisticated social engineering methods used by attackers, it’s more crucial than ever for companies to implement stringent cybersecurity measures.

Security awareness training, especially for HR teams, should be a priority.

All employees should be educated about the risks posed by unsolicited attachments and be instructed to verify the sender’s identity before opening any documents.

Moreover, organizations should employ robust software solutions designed to scan and isolate potentially dangerous files, enable real-time monitoring of network traffic, and devise an effective incident response plan to detect and respond to any breach swiftly.
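The "real-time monitoring" recommended above is most useful when it is tied to the specific behaviour described earlier: a resume macro that launches a JScript downloader shows up in endpoint telemetry as an Office application spawning a script host. As an added example (not code from the article or from CrowdStrike), the following Python runs that detection over process-creation log lines. The JSON field names (ts, host, user, parent, image, cmdline) are an assumption; map them to your EDR or Sysmon Event ID 1 schema. The log lines themselves are constructed, not from a real incident.

```python
"""Flag Office applications spawning script hosts in process-creation telemetry.

Added example (not from the article or CrowdStrike). A macro that drops a
JScript downloader typically appears as WINWORD.EXE or EXCEL.EXE launching
wscript.exe, cscript.exe, powershell.exe or similar. The JSON field names
are an assumption; the log lines are constructed, not real.
"""
import json

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe", "cmd.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")

SAMPLE_LOG = [  # constructed telemetry, not from a real incident
    r'{"ts":"2024-05-01T09:12:03Z","host":"HR-LAPTOP-07","user":"recruiter1","parent":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","image":"C:\\Windows\\System32\\wscript.exe","cmdline":"wscript.exe //B C:\\Users\\recruiter1\\AppData\\Local\\Temp\\resume_update.js"}',
    r'{"ts":"2024-05-01T09:11:58Z","host":"HR-LAPTOP-07","user":"recruiter1","parent":"C:\\Windows\\explorer.exe","image":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","cmdline":"WINWORD.EXE /n candidate_resume.docm"}',
    r'{"ts":"2024-05-01T09:15:40Z","host":"HR-LAPTOP-07","user":"recruiter1","parent":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","image":"C:\\Windows\\splwow64.exe","cmdline":"splwow64.exe 12288"}',
    r'{"ts":"2024-05-01T10:02:11Z","host":"HR-DESK-02","user":"recruiter2","parent":"C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE","image":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","cmdline":"WINWORD.EXE /n cv.docx"}',
    r'{"ts":"2024-05-01T10:03:27Z","host":"HR-DESK-02","user":"recruiter2","parent":"C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell.exe -File C:\\Users\\recruiter2\\Downloads\\salary_sheet.ps1"}',
]


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_office_spawned_script(line: str):
    """Return an alert dict if an Office app launched a script host, else None."""
    ev = json.loads(line)
    parent, child = basename(ev.get("parent", "")), basename(ev.get("image", ""))
    if parent not in OFFICE_APPS or child not in SCRIPT_HOSTS:
        return None
    cmdline = ev.get("cmdline", "")
    # A script run from a user-writable directory is the typical dropper pattern.
    severity = "high" if any(p in cmdline.lower() for p in USER_WRITABLE) else "medium"
    return {
        "rule": "office-app-spawned-script-host",
        "severity": severity,
        "ts": ev.get("ts"),
        "host": ev.get("host"),
        "user": ev.get("user"),
        "parent": parent,
        "child": child,
        "cmdline": cmdline,
    }


def scan_log(lines) -> list:
    """Run the rule over every line and collect the alerts."""
    alerts = []
    for line in lines:
        alert = detect_office_spawned_script(line)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f'[{a["severity"]}] {a["ts"]} {a["host"]}\\{a["user"]}: '
              f'{a["parent"]} -> {a["child"]}  {a["cmdline"]}')
```

Benign Office activity (Outlook opening Word, Word printing through splwow64.exe, Explorer launching Word) passes through untouched, which keeps the rule quiet enough to page on. Feeding these alerts into the incident response plan gives the responders the host, user and dropped script path in the first event rather than after a manual hunt.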

Conclusion

The rise in this new strain of social engineering attacks hints at the evolving threat landscape and the lengths to which cybercriminal groups like FIN6 will go to compromise networks.

It serves as a vivid reminder for recruiters and HR departments to remember that they too are potential entry points for hackers and must take appropriate action to protect their network’s integrity.
