Security Brief: Threat Actors Gift Holiday Lures to Threat Landscape

Dec. 19, 2024, 5:38 p.m.

Description

As the holiday season approaches, threat actors are exploiting people's desires for deals, jobs, and end-of-year bonuses. Researchers have observed an increase in themed content delivering malware, fraud, and credential phishing campaigns. Examples include a 'Winter Holiday Promotion' campaign delivering Remcos RAT, credential phishing campaigns impersonating HR departments to steal login information, and employment fraud schemes targeting universities. These attacks use timely lures such as holiday promotions, bonus announcements, and seasonal job offers to manipulate victims into risky online behaviors. The campaigns employ various techniques, including compressed executables, QR codes, and specially crafted OOXML files to bypass detection and harvest user credentials.

External References

https://www.proofpoint.com/us/blog/threat-insight/security-brief-threat-actors-gift-holiday-lures-threat-landscape
https://otx.alienvault.com/pulse/6764309c6ef7a02f69b987fd
Tags
qr codes
remcos rat
credential phishing
2024-12-19
adversary-in-the-middle (aitm)
employment fraud
tycoon phishing-as-a-service (phaas)
open office xml (ooxml)

Date

  • Created: Dec. 19, 2024, 2:41 p.m.
  • Published: Dec. 19, 2024, 2:41 p.m.
  • Modified: Dec. 19, 2024, 5:38 p.m.

Attack Patterns

  • Remcos RAT
  • T1528
  • T1587
  • T1608
  • T1185
  • T1547
  • T1036
  • T1204
  • T1140
  • T1132
  • T1027
  • T1056
  • T1584
  • T1566
  • T1078
  • T1059

Additional Informations

  • Education