A threat group called “Venom Spider” is targeting hiring managers with spear-phishing emails. The group abuses legitimate messaging services and job platforms to apply for real jobs via fake malicious resumes that drop a backdoor called More_eggs. The backdoor can be used for a wide scope of malicious activities, from credential theft to stealing sensitive customer payment data, intellectual property or trade secrets.
You can read about this threat actor here.
Roger Grimes, data-driven defense evangelist at KnowBe4, commented:
“This is far from a new tactic, but is definitely getting more use by malicious hackers. It used to be that HR was very sparingly targeted, but now they have become a target of choice. When doing cybersecurity risk management, I’d put anyone in the HR hiring path, including recruiters, hiring managers, people who interview new recruits, etc., on the list of your highest risk employees, alongside the previously identified high-risk positions in IT, C-level employees, and accounts payable. HR, in general, has become a hotbed for scammers and malicious never-do-wells. We’ve got fake employees, fake employers, outgunned recruiters, and paid advertising by malicious hackers entering the hiring ecosystem in a way that has never been before. It’s nation-state level stuff, highly resourced, and coming for your company for sure!”
This is a pretty crafty attack, one that shows that this threat actor has sophistication and an endgame. That should put all of us on edge, as it implies that they can pivot to another attack vector and likely be successful.
This entry was posted on May 6, 2025 at 9:40 am and is filed under Commentary.