Cybersecurity experts warn of a sophisticated spear-phishing campaign targeting financial executives across multiple regions, utilizing a legitimate remote access tool, NetBird, to maintain persistent access. This multi-stage attack involves encrypted redirects, CAPTCHA evasion, and custom scripts, highlighting the rising use of legitimate tools for malicious purposes. #NetBird #PhishingCampaign
Keypoints
- The attack targets CFOs and financial leaders using a multi-stage spear-phishing scheme.
- Threat actors use encrypted redirect links and CAPTCHA checks to evade detection.
- Post-infection, malware installs NetBird and OpenSSH for remote access and persistence.
- The campaign has been active for nearly a year, with similar techniques observed in past efforts.
- Legitimate remote access tools are increasingly exploited by cybercriminals for sustained infiltration.
Read More: https://thehackernews.com/2025/06/fake-recruiter-emails-target-cfos-using.html