
Security Brief: Threat Actors Gift Holiday Lures to Threat Landscape

| Category | Details |
| --- | --- |
| Threat Actors | Unnamed actors leveraging Tycoon PhaaS platform, SakaiPages phishing kit, and job fraud schemes; targeting victims globally during the holiday season. |
| Campaign Overview | Multiple campaigns exploiting holiday-themed lures, such as bonus emails, job offers, and promotions, to deliver malware, perform credential phishing, and conduct employment fraud. |
| Target Regions | Global; universities frequently targeted for employment scams; corporate entities targeted for phishing and malware campaigns. |
| Methodology | Social engineering, QR code phishing, employment fraud with fake job offers, festive-themed email lures (e.g., HR or payroll communications). |
| Product Targeted | Victims’ email accounts, credentials, 2FA tokens, session cookies, and financial information. |
| Malware Reference | Remcos RAT; Tycoon phishing platform; SakaiPages phishing kit |
| Tools Used | Customized OOXML files; QR codes directing users to fake authentication pages; “brooxml” technique for bypassing sandbox detection |
| Vulnerabilities Exploited | Exploits user trust via social engineering and email attachment manipulation (OOXML prepending technique). |
| TTPs | Social engineering via holiday-themed emails; credential harvesting using AiTM techniques; employment fraud using AFF tactics; QR code phishing with customized Microsoft-branded pages |
| Attribution | Activity observed by Proofpoint; attribution points to PhaaS services (Tycoon) and advanced phishing kit developers (SakaiPages). |
| Recommendations | Educate users on holiday-themed phishing lures; implement robust email filtering and malware detection solutions; avoid scanning QR codes from unknown sources; monitor for indicators of compromise (IOCs) |
| Source | Proofpoint |

Read full article: https://www.proofpoint.com/us/blog/threat-insight/security-brief-threat-actors-gift-holiday-lures-threat-landscape

The above summary has been generated by an AI language model

Source: Proofpoint

Published on: December 19, 2024
