Fake US govt job offers push Cobalt Strike in phishing attacks

A new phishing campaign targets US and New Zealand job seekers with malicious documents installing Cobalt Strike beacons for remote access to victims' devices.
The discovery comes from researchers at Cisco Talos who observed two different phishing lures, both targeting job seekers and leading to the deployment of Cobalt Strike.
Both attacks begin with a malicious email that presents the recipient with a lucrative job offer in the US federal government, supposedly sent from the US Office of Personnel Management.
The executable launches a PowerShell command that downloads the Cobalt Strike DLL to the %UserProfile%\AppData\Local\Temp directory and then deletes itself.
With Cobalt Strike being one of the most widely used tools to gain initial access to corporate networks and spread laterally within one, we have seen an increase in phishing attacks distributing beacons over the past few years.
Last year, Emotet phishing attacks started dropping Cobalt Strike for the first time, and more recently, phishing attacks have targeted Russian dissidents and Ukrainian entities.