📢 Skeleton Spider: Malware delivery via the cloud
📝 The SecuritySnacks article, published on 10 June 2025, highlights the activities of the cybercrime group FIN6, also known as **Skeleton Spider**...
📖 cyberveille: https://cyberveille.ch/posts/2025-06-15-skeleton-spider-livraison-de-malware-via-le-cloud/
🌐 source: https://dti.domaintools.com/skeleton-spider-trusted-cloud-malware-delivery/
#FIN6 #IOC #Cyberveille
Skeleton Spider: Malware delivery via the cloud

The SecuritySnacks article, published on 10 June 2025, highlights the activities of the cybercrime group FIN6, also known as Skeleton Spider. This group is known for its financially motivated attacks and has evolved toward broader enterprise threats, including ransomware operations. FIN6 has refined its phishing campaigns by exploiting professional trust. By posing as job seekers on platforms such as LinkedIn, they build trust with recruiters before sending phishing messages that lead to malware. Their preferred payload is more_eggs, a JavaScript backdoor that facilitates credential theft and system access.

CyberVeille

ICYMI: DomainTools Investigations released new research this week!

Skeleton Spider (aka FIN6) is leveraging trusted cloud services like AWS to deliver malware through fake job applications and resume-themed phishing campaigns.

🔍 Learn how this financially motivated group is:

🔹Exploiting cloud infrastructure to evade detection
🔹Using social engineering to lure victims
🔹Building resilient, scalable malware delivery systems

Read the full analysis here: https://dti.domaintools.com/skeleton-spider-trusted-cloud-malware-delivery/?utm_source=Mastodon&utm_medium=Social&utm_campaign=Skeleton-Spider

#CyberSecurity #ThreatIntelligence #Malware #CloudSecurity #Phishing #FIN6 #SkeletonSpider #InfoSec

Eggs in a Cloudy Basket: Skeleton Spider’s Trusted Cloud Malware Delivery - DomainTools Investigations | DTI

Discover how the FIN6 cybercrime group, also known as Skeleton Spider, leverages trusted cloud services like AWS to deliver stealthy malware through fake job applications and resume-themed phishing campaigns. Learn about their tactics, infrastructure, and how to defend against these evolving threats.

DomainTools Investigations | DTI

Recruiters, take note: FIN6 hackers are now posing as job seekers, using fake resumes and slick online profiles to breach security. Ever wondered how real-life trust can turn into a cyber trap?

https://thedefendopsdiaries.com/fin6s-innovative-phishing-tactics-a-new-threat-to-recruiters/

#fin6
#phishing
#cybersecurity
#socialengineering
#recruitmentsecurity

Cybercrime group FIN6 (aka Skeleton Spider) is leveraging trusted cloud services like AWS to deliver malware through fake job applications.

Our latest analysis breaks down:
🔹 How attackers use LinkedIn & Indeed to build trust
🔹 The use of resume-themed phishing lures
🔹 Cloud-hosted infrastructure that evades detection
🔹 The delivery of the More_eggs backdoor via .LNK files
🔹 Key defense strategies for recruiters and security teams

This campaign is a masterclass in low-complexity, high-evasion phishing.

📖 Read the full breakdown: https://dti.domaintools.com/skeleton-spider-trusted-cloud-malware-delivery/?utm_source=Mastodon&utm_medium=Social&utm_campaign=Skeleton-Spider

#CyberSecurity #ThreatIntel #FIN6 #Phishing #CloudSecurity #MalwareAnalysis #InfoSec #SkeletonSpider

New spear-phishing campaign targets recruiters with 'more_eggs' malware

A recently discovered spear-phishing campaign specifically targets recruiters by posing as job applicants. This campaign spreads the 'more_eggs

Tech Nieuws
Speaking of sharing research.. I’m stoked to publish on this recently observed activity by #TA4557 (overlaps with #FIN6). We saw them targeting recruiters directly via email and using some really fun social engineering techniques. They always deliver More_eggs malware https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta4557-targets-recruiters-directly-email
Security Brief: TA4557 Targets Recruiters Directly via Email | Proofpoint US

What happened  Since at least October 2023, TA4557 began using a new technique of targeting recruiters with direct emails that ultimately lead to malware delivery. The initial emails are benign and...

Proofpoint
There hasn't been much reporting on #FIN6 lately but they have been active... not sure about successful but they have been active 😂​
#FIN6 just can’t stay away from holiday shopping season. This 2019 article from IBM X-Force IRIS is a good recap of TTPs still very much in use today.
https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/
More_eggs, Anyone? Threat Actor ITG08 Strikes Again

X-Force IRIS observed ITG08, which has historically targeted POS machines in the retail and hospitality sectors, injecting malicious code into online checkout pages to steal payment card data.

Security Intelligence
MITRE has released an attack emulation plan for the FIN6 hacking group #MITRE, #FIN6, #APT https://www.securitylab.ru/news/512145.php https://twitter.com/SecurityLabnews/status/1306137001570324481/photo/1
MITRE has released an attack emulation plan for the FIN6 hacking group

The Adversary Emulation Library project is intended to help security teams defend computer networks more effectively.

FIN6 and TrickBot Combine Forces in ‘Anchor’ Attacks - FIN6 fingerprints were spotted in recent cyberattacks that initially infected victims with the Tri... more: https://threatpost.com/fin6-and-trickbot-combine-forces-in-anchor-attacks/154508/ #anchormalware #terraloader #cybercrime #powershell #more_eggs #trickbot #malware #trojan #hacks #fin6
FIN6 and TrickBot Combine Forces in 'Anchor' Attacks

FIN6 fingerprints were spotted in recent cyberattacks that initially infected victims with the TrickBot trojan, and then eventually downloaded the Anchor backdoor malware.

Threatpost - English - Global - threatpost.com