Major Incidents or Breaches

  • A spear-phishing campaign has been identified targeting Chief Financial Officers (CFOs) and other financial executives across six global regions. Attackers are distributing emails posing as recruiters and leveraging the legitimate remote access tool NetBird to establish persistent access to victims’ systems.

Newly Discovered Vulnerabilities

  • A trojanized version of the PuTTY SSH client has been observed in the wild. Attackers are distributing this malicious version to establish unauthorized remote access via a simple SSH backdoor.

Notable Threat Actor Activity

  • Threat actors are abusing NetBird, a legitimate remote access tool, as part of their phishing campaigns against financial sector executives. This demonstrates the continued use of legitimate tools for malicious purposes to evade detection.

Trends, Tools, or Tactics of Interest

  • Increased use of legitimate remote access software (NetBird) in targeted phishing campaigns against high-value financial targets.
  • Ongoing abuse of trojanized open-source tools, specifically PuTTY, to deliver backdoors and maintain covert access.

Tools and Software Updates

  • YARA version 4.5.3 has been released, addressing five bugs.