
Cybercriminals Using Fake Government Job Ads To Spread Malware

Cybercriminals who prey on job seekers are distributing Cobalt Strike beacons, viruses, and malware in New Zealand and the United States through fake government job ads. According to researchers from Cisco Talos, an unidentified threat actor is using the names of the US Office of Personnel Management (OPM) and the New Zealand Public Service Association (PSA) to send out numerous phishing emails. The email asks the recipient to download and open an attached Word document, saying it has further information about the job opportunity.

Remote code execution

The document contains malicious macros that, when activated, take advantage of CVE-2017-0199, a remote code execution vulnerability fixed in April 2017. When the macro is executed, Word downloads a document template from a Bitbucket repository. The template then runs several Visual Basic scripts, which download a DLL file called "newmodeler.dll". That DLL is a Cobalt Strike beacon. A second, simpler distribution method fetches the malware downloader directly from Bitbucket.

With a Cobalt Strike beacon, threat actors can move laterally around the network, map it out, and uncover more sensitive data while remotely executing various commands on the hacked endpoint. According to the researchers, the beacons connect to a Dutch-based, Alibaba-hosted Ubuntu server, which contains two self-signed and valid SSL certificates.

Cisco did not identify the threat actors behind these fake government job ad campaigns. One well-known group, Lazarus Group, has, however, recently been involved in several bogus job campaigns. The notorious North Korean state-sponsored threat actor has been targeting blockchain developers, artists working on non-fungible tokens (NFT), aerospace specialists, and political journalists, stealing cryptocurrency and sensitive information.
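The remote template fetch described above leaves a trace a mail gateway or triage script can check for. The following is an added example, not code from Cisco Talos or from the original article; it assumes the attachment is an OOXML `.docx` and that the template is referenced through the standard `attachedTemplate` relationship, and the sample packages and URL are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
TEMPLATE_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                 "relationships/attachedTemplate")

def external_relationships(docx_bytes):
    """Return (part, rel_type, target) for every External relationship."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        for name in pkg.namelist():
            if not name.endswith(".rels"):
                continue
            # Untrusted XML: parse in a sandbox, or swap in defusedxml.
            root = ET.fromstring(pkg.read(name))
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode", "").lower() == "external":
                    found.append((name, rel.get("Type", ""), rel.get("Target", "")))
    return found

def remote_templates(docx_bytes):
    """Targets of attached templates that Word would fetch over the network."""
    return [target for _, rel_type, target in external_relationships(docx_bytes)
            if rel_type == TEMPLATE_TYPE
            and target.lower().startswith(("http://", "https://"))]

def build_sample(rels_xml):
    """Constructed minimal package holding only the parts this check reads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("word/document.xml", "<w:document xmlns:w='urn:x'/>")
        pkg.writestr("word/_rels/settings.xml.rels", rels_xml)
    return buf.getvalue()

RELS = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/'
        'relationships"><Relationship Id="rId1" Type="{}" Target="{}" '
        'TargetMode="External"/></Relationships>')
# Constructed samples: a network-hosted template and an ordinary local one.
SUSPICIOUS = build_sample(RELS.format(
    TEMPLATE_TYPE, "https://example.invalid/constructed/template.dotm"))
BENIGN = build_sample(RELS.format(TEMPLATE_TYPE, "file:///C:/Templates/Normal.dotm"))

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, remote_templates(sample))
```

A locally attached template is also stored as an External relationship, which is why the check filters on the URL scheme rather than on `TargetMode` alone.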

By Omal J

