Security Brief: Threat Actors Take Taxes Into Account

Jan. 29, 2025, 5:32 p.m.

Description

Proofpoint researchers have identified an increase in campaigns and malicious domains impersonating tax agencies and financial organizations. This aligns with the annual increase in tax-related content observed from December through April. Phishing lures impersonate government agencies and financial services organizations involved in tax filing. Campaigns targeting the UK, US, Switzerland, and Australia have been observed, using various tactics such as credential harvesting, fraudulent payment requests, and malware delivery. Threat actors exploit tax themes to make their lures more convincing, especially during filing seasons. Organizations are advised to educate users about common techniques and lures used by attackers.

External References

https://www.proofpoint.com/us/blog/threat-insight/security-brief-threat-actors-take-taxes-account
https://otx.alienvault.com/pulse/6799119dbf5f688d9fc9f344
Tags
xworm
rhadamanthys
financial fraud
asyncrat
venomrat
credential harvesting
metastealer
zgrat
malware delivery
government impersonation
2025-01-28
intuit
mygov
hmrc
tax-themed phishing
revolut

Date

  • Created: Jan. 28, 2025, 5:19 p.m.
  • Published: Jan. 28, 2025, 5:19 p.m.
  • Modified: Jan. 29, 2025, 5:32 p.m.

Attack Patterns

  • VenomRAT
  • MetaStealer
  • XWorm
  • zgRAT
  • Rhadamanthys
  • AsyncRAT

Additional Informations

  • Australia
  • Switzerland
  • United Kingdom of Great Britain and Northern Ireland
  • United States of America