Researchers discovered a new phishing campaign targeting U.S. and New Zealand job seekers. Victims receive emails that purport to present a lucrative job offer but actually contain malicious files.
In some cases, opening the document triggers the exploit and downloads a Word document hosted on a Bitbucket repository. In other cases, Cobalt Strike beacons are installed for remote access to victims' devices. The Cobalt Strike beacon lets threat actors execute commands remotely on the infected device, allowing them to steal data or move laterally through the compromised network.
This campaign unfolds in several stages, with most steps relying on executing obfuscated scripts from the host's memory and abusing the Bitbucket code hosting service to evade detection.
The multi-layered detection included in Acronis Cyber Protect Cloud identifies and blocks even never-before-seen forms of malware from executing, while the optional Advanced Email Security add-on prevents such malicious messages from ever reaching users' inboxes.
About Acronis
Acronis is a Swiss company, founded in Singapore. Celebrating two decades of innovation, Acronis has more than 2,000 employees in 45 locations. The Acronis Cyber Protect solution is available in 26 languages in over 150 countries and is used by 18,000 service providers to protect over 750,000 businesses.