May 29, 2023

Hackers are impersonating Bloomberg employees in an attempt to install remote access software on target computers.

The ruse seeks to capitalize on the influence of Bloomberg Industry Group whose analysis major corporations use to track markets. The perpetrator is sending fake Bloomberg invoices that are laced with a RAT that could be used to surveil computer networks or steal data.

The goal of the malicious email campaigns, and exactly who was targeted, remain unclear. But the perpetrator has clearly gone beyond the bumbling phishing emails in broken English that typically give other scammers away.

It’s a clever piece of social engineering from a cyber actor that has apparently only been active for a year, but which has looked for economical ways into victim networks. One of the tools used, called NanoCore, is available for purchase on underground forums for just $20.

The emails ask users in fluent English to enable Microsoft Excel features which allow for the execution of malicious code. One email, for instance, lists a New York City phone number that recipients can call for “customer service.” When dialed the number, an automated voice read a different phone number and said that the voicemail inbox was full.

Bloomberg Industry Group did not respond to a request for comment by press time on the research

Tags:

Leave a Reply

You may have missed

CrowdStrike strategy dominates MDR Market

CrowdStrike strategy dominates MDR Market

May 28, 2023
TheCyberThrone Security Week In Review–May 27, 2023

TheCyberThrone Security Week In Review–May 27, 2023

May 28, 2023
Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
Apria Data Breach affects 2 million customers

Apria Data Breach affects 2 million customers

May 27, 2023
CosmicEnergy Malware Shutting Electric grid

CosmicEnergy Malware Shutting Electric grid

May 27, 2023
Operation Magalenha from Brazil

Operation Magalenha from Brazil

May 27, 2023
%d bloggers like this: