Security Brief: Threat Actors Gift Holiday Lures to Threat Landscape

| Category | Details |
| --- | --- |
| Threat Actors | Unnamed actors leveraging Tycoon PhaaS platform, SakaiPages phishing kit, and job fraud schemes; targeting victims globally during the holiday season. |
| Campaign Overview | Multiple campaigns exploiting holiday-themed lures, such as bonus emails, job offers, and promotions, to deliver malware, perform credential phishing, and conduct employment fraud. |
| Target Regions | Global; universities frequently targeted for employment scams; corporate entities targeted for phishing and malware campaigns. |
| Methodology | Social engineering, QR code phishing, employment fraud with fake job offers, festive-themed email lures (e.g., HR or payroll communications). |
| Product Targeted | Victims’ email accounts, credentials, 2FA tokens, session cookies, and financial information. |
| Malware Reference | Remcos RAT; Tycoon phishing platform; SakaiPages phishing kit |
| Tools Used | Customized OOXML files; QR codes directing users to fake authentication pages; “brooxml” technique for bypassing sandbox detection. |
| Vulnerabilities Exploited | Exploits user trust via social engineering and email attachment manipulation (OOXML prepending technique). |
| TTPs | Social engineering via holiday-themed emails; credential harvesting using AiTM techniques; employment fraud using AFF tactics; QR code phishing with customized Microsoft-branded pages. |
| Attribution | Activity observed by Proofpoint; attribution points to PhaaS services (Tycoon) and advanced phishing kit developers (SakaiPages). |
| Recommendations | Educate users on holiday-themed phishing lures; implement robust email filtering and malware detection solutions; avoid scanning QR codes from unknown sources; monitor for indicators of compromise (IOCs). |
| Source | Proofpoint |

Read full article: https://www.proofpoint.com/us/blog/threat-insight/security-brief-threat-actors-gift-holiday-lures-threat-landscape

The above summary has been generated by an AI language model

Source: Proofpoint

Published on: December 19, 2024
