November 30, 2023

Hackers are impersonating Bloomberg employees in an attempt to install remote access software on target computers.

The ruse seeks to capitalize on the influence of Bloomberg Industry Group whose analysis major corporations use to track markets. The perpetrator is sending fake Bloomberg invoices that are laced with a RAT that could be used to surveil computer networks or steal data.

The goal of the malicious email campaigns, and exactly who was targeted, remain unclear. But the perpetrator has clearly gone beyond the bumbling phishing emails in broken English that typically give other scammers away.

It’s a clever piece of social engineering from a cyber actor that has apparently only been active for a year, but which has looked for economical ways into victim networks. One of the tools used, called NanoCore, is available for purchase on underground forums for just $20.

The emails ask users in fluent English to enable Microsoft Excel features which allow for the execution of malicious code. One email, for instance, lists a New York City phone number that recipients can call for “customer service.” When dialed the number, an automated voice read a different phone number and said that the voicemail inbox was full.

Bloomberg Industry Group did not respond to a request for comment by press time on the research

Tags:

Leave a Reply

You may have missed

BlueVoyant Acquires Conquest Cyber

November 30, 2023

Google Fixes Sixth Chrome ZeroDay of 2023

November 29, 2023

Ardent Health Services affected by a cyber incident

November 29, 2023

GE and DARPA – Claimed Hack raises concerns

November 28, 2023

POC released for Splunk Enterprise Vulnerability- CVE-2023-46214

November 28, 2023

AWS Detective adds new Capabilities

November 27, 2023
%d bloggers like this: