Summary: A financially motivated threat actor has targeted users in Poland and Germany with an ongoing phishing campaign since July 2024, deploying malware such as the TorNet backdoor. The attacks use deceptive emails carrying malicious attachments and rely on several techniques to evade detection and maintain persistence on infected machines.
Affected: Users in Poland and Germany, financial institutions, manufacturing and logistics companies.
Key points:
- Phishing emails contain fake financial confirmations or order receipts to lure victims.
- The TorNet backdoor communicates with the threat actor over the Tor network, which conceals the command-and-control traffic.
- Advanced filtering is recommended to counter hidden text salting, a technique the campaign uses to bypass email detection engines.
Source: https://thehackernews.com/2025/01/purecrypter-deploys-agent-tesla-and-new.html
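The hidden text salting mentioned in the key points pads an HTML message with text the recipient never sees (inline CSS such as display:none or font-size:0, zero-width characters splitting keywords) so that keyword and similarity filters evaluate different content than the reader does. The scanner below is an added example written for this summary, not code from the source report or any vendor; the set of hiding signals, the thresholds and the sample messages are all assumptions constructed for illustration. It separates visible from hidden text and flags a message when hidden text dominates or zero-width characters appear.

```python
import re
from html.parser import HTMLParser

# Code points that render as nothing and are used to break up keywords
# ("Bil\u200bling"). Assumed signal set for this example.
ZERO_WIDTH = "\u200b\u200c\u200d\u2060\ufeff"

# Inline CSS that hides an element's text from the reader (assumed signals,
# not taken from the report). Lookaheads stop "font-size:0.5em" or
# "opacity:0.9" from matching.
HIDING_STYLE = re.compile(
    r"display\s*:\s*none"
    r"|visibility\s*:\s*hidden"
    r"|font-size\s*:\s*0(?:\.0+)?(?:px|pt|em|rem|%)?(?![.\d])"
    r"|opacity\s*:\s*0(?:\.0+)?(?![.\d])"
    r"|(?:left|top|text-indent)\s*:\s*-\d{3,}",
    re.IGNORECASE,
)

VOID_TAGS = {"br", "img", "hr", "meta", "link", "input", "area", "base",
             "col", "embed", "source", "track", "wbr"}
RAW_TAGS = {"style", "script"}  # their content is never reader-visible text


class HiddenTextScanner(HTMLParser):
    """Split an HTML body into text the reader sees and text that is hidden."""

    def __init__(self):
        super().__init__()  # convert_charrefs=True: &#8203; arrives as U+200B
        self._hidden_stack = []  # one bool per open element: is its content hidden?
        self._raw_depth = 0      # nesting depth inside <style>/<script>
        self.visible_chars = 0
        self.hidden_chars = 0
        self.zero_width_chars = 0
        self.hidden_snippets = []

    def handle_starttag(self, tag, attrs):
        if tag in RAW_TAGS:
            self._raw_depth += 1
            return
        if tag in VOID_TAGS:  # no closing tag, so nothing to push
            return
        attrs = dict(attrs)
        style = attrs.get("style") or ""
        hides = "hidden" in attrs or bool(HIDING_STYLE.search(style))
        parent_hidden = bool(self._hidden_stack and self._hidden_stack[-1])
        self._hidden_stack.append(hides or parent_hidden)  # hiding is inherited

    def handle_endtag(self, tag):
        if tag in RAW_TAGS:
            self._raw_depth = max(0, self._raw_depth - 1)
            return
        if tag in VOID_TAGS:
            return
        if self._hidden_stack:
            self._hidden_stack.pop()

    def handle_data(self, data):
        if self._raw_depth:
            return
        stripped = "".join(c for c in data if c not in ZERO_WIDTH)
        self.zero_width_chars += len(data) - len(stripped)
        n = sum(1 for c in stripped if not c.isspace())  # count non-blank characters
        if self._hidden_stack and self._hidden_stack[-1]:
            self.hidden_chars += n
            if stripped.strip():
                self.hidden_snippets.append(stripped.strip())
        else:
            self.visible_chars += n


def scan_html(html, hidden_ratio_threshold=0.3, zero_width_threshold=3):
    """Return per-message counters and a verdict; thresholds are assumed starting points."""
    scanner = HiddenTextScanner()
    scanner.feed(html)
    scanner.close()
    total = scanner.visible_chars + scanner.hidden_chars
    ratio = scanner.hidden_chars / total if total else 0.0
    return {
        "visible_chars": scanner.visible_chars,
        "hidden_chars": scanner.hidden_chars,
        "hidden_ratio": round(ratio, 3),
        "zero_width_chars": scanner.zero_width_chars,
        "hidden_snippets": scanner.hidden_snippets,
        "suspicious": ratio >= hidden_ratio_threshold
        or scanner.zero_width_chars >= zero_width_threshold,
    }


# Constructed sample: a fake order confirmation padded with hidden filler and
# zero-width characters inside the signature.
SALTED_EMAIL = """<html><body>
<p>Dear customer, please find your <span style="display:none">lorem ipsum dolor sit amet</span>order confirmation attached.</p>
<div style="font-size:0px">random padding words to defeat similarity hashing and keyword rules</div>
<p>Re&#8203;gards, Bil&#8203;ling Te&#8203;am</p>
</body></html>
"""

# Constructed clean message for comparison.
CLEAN_EMAIL = "<html><body><p>Dear customer, your order confirmation is attached.</p></body></html>"

if __name__ == "__main__":
    for name, body in (("salted", SALTED_EMAIL), ("clean", CLEAN_EMAIL)):
        print(name, scan_html(body))
```

The parser keeps the reader-visible text separately, so the same pass can feed a keyword or similarity check with only what the recipient would actually read. Python's HTMLParser is strict about tag nesting; for mail that omits closing tags a tolerant DOM parser should produce the hidden/visible split, and the ratio and zero-width thresholds should be tuned against a corpus of legitimate mail before they gate delivery.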