FIN6 hackers pose as job seekers to backdoor recruiters’ devices

FIN6 has shifted from traditional financial fraud to sophisticated social engineering, impersonating job seekers to target recruiters and deploy malware. The group uses convincing resumes, fake domains, and advanced evasion techniques to deliver the ‘More Eggs’ backdoor, which makes careful verification of applicants important.

Key points

  • FIN6 now impersonates job seekers to target recruiters via LinkedIn and Indeed.
  • The group uses fake resumes and phishing sites hosted on trusted cloud services to evade detection.
  • Targets receive a ZIP file with a disguised Windows shortcut that downloads the ‘More Eggs’ backdoor.
  • ‘More Eggs’ is a modular backdoor used for credential theft, command execution, and additional payload deployment.
  • Organizations should verify identities independently and be cautious of external resume review requests.
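The delivery step above, a ZIP file carrying a disguised Windows shortcut, can be checked before a recruiter opens the archive. The following is an added example, not code from the article or from any vendor tooling: it flags archive members that are shortcuts by name or by the Shell Link file header, and the file names and sample archive are constructed for illustration.

```python
import io
import zipfile

# Shell Link header per MS-SHLLINK: HeaderSize 0x0000004C, then the
# LinkCLSID 00021401-0000-0000-C000-000000000046 in little-endian layout.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")


def find_shortcuts(zip_bytes):
    """Return [(member, reasons)] for archive members that need review."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            base = info.filename.rsplit("/", 1)[-1].lower()
            if base.endswith(".lnk"):
                reasons.append("lnk-extension")
            try:
                with zf.open(info) as fh:
                    if fh.read(len(LNK_MAGIC)) == LNK_MAGIC:
                        reasons.append("lnk-header")
            except RuntimeError:
                reasons.append("encrypted-member")  # content cannot be inspected
            # Explorer never shows ".lnk", so "cv.pdf.lnk" is displayed as "cv.pdf".
            if base.endswith(".lnk") and "." in base[:-4]:
                reasons.append("double-extension")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_zip():
    """Constructed sample: one fake shortcut and one harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Resume_Jane_Doe.pdf.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("cover_letter.txt", b"Dear hiring manager, ...")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in find_shortcuts(build_sample_zip()):
        print(f"{member}: {', '.join(reasons)}")
```

A mail gateway or upload handler could call `find_shortcuts` on each ZIP attachment and quarantine any archive that returns findings.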

Read More: https://www.bleepingcomputer.com/news/security/fin6-hackers-pose-as-job-seekers-to-backdoor-recruiters-devices/