Spear Phishing Targets Financial Leaders
Spear phishing attacks target CFOs and financial executives across six regions. Attackers use NetBird, a legitimate remote access tool, to infiltrate systems. They send fake recruiter emails posing as Rothschild & Co. The campaign, detected in May 2025, aims to steal sensitive financial data.
How the Attack Unfolds
The scam starts with emails offering strategic job opportunities. Each contains a phishing link disguised as a PDF attachment. When clicked, the link leads to a Firebase-hosted URL with a CAPTCHA check. Solving the CAPTCHA downloads a malicious ZIP file to the victim’s device.
Malware Deployment Tactics
The ZIP file includes a VBScript that fetches a second script from an external server. This script extracts NetBird and OpenSSH MSI files from “trm.zip.” Additionally, it creates a hidden account and enables remote desktop access. This ensures the malware persists and launches on reboot.
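The steps above (a script host installing NetBird or OpenSSH, a new account, remote desktop switched on) are individually common, so a defender gets more signal by correlating them per host within a short window than by alerting on NetBird alone. The following Python is an added example, not taken from the original report; the event schema, host names, account names and MSI file names are constructed, and it assumes RDP is enabled through the standard fDenyTSConnections registry value.

```python
from datetime import datetime, timedelta

# Constructed sample events; the field names are a simplified, assumed schema.
RDP_KEY = r"HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections"
SAMPLE_EVENTS = [
    {"host": "FIN-LT-07", "time": "2025-05-14T09:02:11", "type": "process",
     "parent": "wscript.exe", "image": "msiexec.exe", "cmdline": "msiexec /i netbird.msi /quiet"},
    {"host": "FIN-LT-07", "time": "2025-05-14T09:03:40", "type": "account_created", "user": "svc_tmp"},
    {"host": "FIN-LT-07", "time": "2025-05-14T09:04:02", "type": "registry_set", "key": RDP_KEY, "value": 0},
    # IT-managed NetBird rollout: same tool, no script-host parent, no follow-on activity.
    {"host": "ENG-WS-12", "time": "2025-05-14T10:15:00", "type": "process",
     "parent": "deploy-agent.exe", "image": "msiexec.exe", "cmdline": "msiexec /i netbird.msi"},
    {"host": "HR-SRV-01", "time": "2025-05-14T11:00:00", "type": "account_created", "user": "new.hire"},
]
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
REMOTE_TOOLS = ("netbird", "openssh")

def classify(ev):
    """Map one event to a stage of the chain, or None if it is not relevant."""
    if ev["type"] == "process":
        from_script = ev["parent"].lower() in SCRIPT_HOSTS
        installs_tool = any(t in ev["cmdline"].lower() for t in REMOTE_TOOLS)
        if from_script and ev["image"].lower() == "msiexec.exe" and installs_tool:
            return "script_installs_remote_tool"
    elif ev["type"] == "account_created":  # e.g. Windows Security event 4720
        return "local_account_created"
    elif ev["type"] == "registry_set":     # value 0 means RDP connections are allowed
        if ev["key"].lower() == RDP_KEY.lower() and ev["value"] == 0:
            return "rdp_enabled"
    return None

def correlate(events, window=timedelta(minutes=30), min_stages=2):
    """Return {host: stages} where a script-driven install is joined by other stages in the window."""
    by_host = {}
    for ev in events:
        stage = classify(ev)
        if stage:
            by_host.setdefault(ev["host"], []).append((datetime.fromisoformat(ev["time"]), stage))
    alerts = {}
    for host, hits in by_host.items():
        hits.sort()
        for start, stage in hits:
            if stage != "script_installs_remote_tool":
                continue
            seen = {s for t, s in hits if start <= t <= start + window}
            if len(seen) >= min_stages:
                alerts[host] = sorted(seen)
                break
    return alerts
```

Calling `correlate(SAMPLE_EVENTS)` flags only FIN-LT-07; the IT-managed NetBird install and the routine account creation stay quiet because neither forms part of a script-driven chain.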
Evasion Through Legitimate Tools
Attackers exploit NetBird’s trustworthiness to avoid detection. They remove desktop shortcuts to hide the compromise. As a result, the attack slips past traditional security measures. This tactic blends malicious intent with widely accepted software.
Global Reach and Persistence
The campaign spans Europe, Africa, Canada, the Middle East, and South Asia. A report notes a redirect URL that has been active for nearly a year. Similar attacks use platforms like Google Apps Script and Notion. Spear phishing remains a persistent global threat.
Broader Phishing Trends
Other attacks mimic invoices or exploit old Microsoft Office flaws. They deliver malware like Formbook to steal data. Additionally, phishing-as-a-service (PhaaS) kits like Tycoon enhance these efforts with refined tactics. This shows how attackers target specific roles with advanced methods.
Impact on Financial Sector
These attacks disrupt financial operations and erode trust. They expose companies to data breaches and financial losses. Moreover, undetected access can lead to long-term espionage. Businesses must prioritize security to mitigate these risks.
Preventing Spear Phishing Attacks
To stop spear phishing, verify email senders before opening attachments. For example, contact recruiters using official contact details. Use email filters to block suspicious links and enable multi-factor authentication. Additionally, train staff to recognize phishing signs and back up critical data regularly. These steps help protect against data theft and malware.