CyberSecurityBoard
Sponsor Register Login

Squid Werewolf Mimic as Recruiters Attacking Job Seekers To Exfiltrate Personal Data

To protect against such threats, security experts recommend implementing email security solutions, avoiding opening attachments from unknown senders, and deploying endpoint detection and response tools capable of identifying suspicious PowerShell commands and activities in startup locations. A sophisticated malware campaign dubbed "DocSwap" has emerged targeting Android users globally by disguising itself as a legitimate document security and viewing application. The attackers send phishing emails disguised as job opportunities from legitimate industrial organizations, attaching malicious files that appear to be employment offers but actually deploy malware to steal sensitive information. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. A sophisticated cyber espionage campaign has been uncovered where threat actors are masquerading as recruiters to target job seekers and employees of specific organizations. BI.Zone Security researchers identified this campaign in December 2024, attributing it to a threat actor known as Squid Werewolf (also tracked as APT37 or Reaper Group). With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. The campaign uses social engineering tactics centered around job recruitment, a particularly effective strategy as job seekers are more likely to open attachments related to potential employment opportunities. Tushar is a Cyber security content editor with a passion for creating captivating and informative content. Once executed, the malware copies the legitimate Windows utility dfsvc.exe to the startup folder, ensuring it runs automatically when the system boots. The malware employs multiple evasion techniques, including time-based sandbox detection and internet connectivity checks. Their analysis revealed the attack had been carefully designed to evade detection while establishing persistent access to victims’ systems.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 18 Mar 2025 15:45:27 +0000


Cyber News related to Squid Werewolf Mimic as Recruiters Attacking Job Seekers To Exfiltrate Personal Data

How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
5 months ago Aws.amazon.com
Squid Werewolf Mimic as Recruiters Attacking Job Seekers To Exfiltrate Personal Data - To protect against such threats, security experts recommend implementing email security solutions, avoiding opening attachments from unknown senders, and deploying endpoint detection and response tools capable of identifying suspicious PowerShell ...
6 hours ago Cybersecuritynews.com APT37 APT3
'ResumeLooters' Attackers Steal Millions of Career Records - Attackers used SQL injection and cross-site scripting to target at least 65 job-recruitment and retail websites with legitimate penetration-testing tools, stealing databases containing more than 2 million emails and other personal records of job ...
1 year ago Darkreading.com
How to Protect Yourself from Job Scams: Essential Tips - The internet is a powerful tool in our career search, but it also provides cyber criminals with information and tactics they can use to exploit and deceive people looking for work. Job scams are sadly prevalent on the web, and if you’re job ...
2 years ago Tripwire.com
Cybercrime Groups Offering Six-Figure Salaries for IT Talents - Increasingly, organized crime organizations are operating as businesses rather than criminal organizations, advertising jobs on the dark web with a number of advantages for members. A recent Kaspersky study found that 61% of job ads posted by hacking ...
2 years ago Cybersecuritynews.com
Cyber Employment 2024: Sky-High Expectations Fail Businesses & Job Seekers - Well-publicized estimates of a massive shortfall in cybersecurity workers have resulted in high expectations among job seekers in the field, but the reality often falls flat, because of a mismatch between companies' requirements and job seekers' ...
1 year ago Darkreading.com Equation
Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity - COMMENTARY. Global data privacy laws were created to address growing consumer concerns about individual privacy. These laws include several best practices for businesses about storing and using consumers' personal data so that the exposure of ...
1 year ago Darkreading.com
Fake Recruiters Defraud Facebook Users via Remote Work Offers - A fresh wave of job scams is spreading on Meta's Facebook platform that aims to lure users with offers for remote-home positions and ultimately defraud them by stealing their personal data and banking credentials. The attackers dangle offers of ...
1 year ago Darkreading.com
Privacy Policy 2024 - Personal information is any information that identifies you or would enable someone to contact you, which may include your name, email address, phone number and other non-public information that is associated with such information. Information We ...
1 year ago Bitsight.com
Cybercrime Groups Offer Up to $20K/Month Jobs on the Dark Web - Cybercrime groups are increasingly running their operations as a business, promoting jobs on the dark web that offer developers and hackers competitive monthly salaries, paid time off, and paid sick leaves. In a new report by Kaspersky, which ...
2 years ago Bleepingcomputer.com
Recruiters Beware! Hackers Deliver Malware Posing Job Applicant - Threat actors have been targeting recruiters disguised as job applicants to deliver their malware. Though this method is not unique, the technique and attack vectors have been noted to have changed from their previous methods. TA4557 is a highly ...
1 year ago Cybersecuritynews.com FIN6
Proofpoint Exposes Sophisticated Social Engineering Attack on Recruiters That Infects Their Computers With Malware - Recruiters and anyone else involved in hiring processes should be knowledgeable about this social engineering attack threat. A new report from U.S.-based cybersecurity company Proofpoint exposes a new attack campaign operated by a ...
1 year ago Techrepublic.com
Attackers Targeting Recruiters With More_Eggs Backdoor - FIN6 has been known in the past to pose as recruitment officers to target job seekers, but it appears to be "moving from posing as fake recruiters to now masquerading as fake job applicants" in a shift in tactics, Trend Micro researchers ...
5 months ago Darkreading.com FIN6
New Mimic Ransomware Abuses Windows Search Tool to Attack Victims - A new ransomware threat has been discovered that abuses the Windows Search Tool to locate and encrypt sensitive data. Dubbed Mimic, the ransomware was identified by malware researchers at Force Point Security Defense. Mimic encrypts a victim’s ...
2 years ago Bleepingcomputer.com
CVE-2024-23638 - Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of ...
10 months ago
Threat Actor Targets Recruiters With Malware - Proofpoint has warned recruiters of a skilled threat actor targeting them with emails designed to deploy malware. TA4557 is a financially motivated threat actor known to distribute the More Eggs backdoor, which is designed to establish persistence, ...
1 year ago Infosecurity-magazine.com FIN6
Report: Developers are most in demand on dark web - Hacker gangs often operate like businesses - they have salaries, working hours, clients and employees. To compete in a growing market, they are constantly looking for new talent with better skill sets, and they often use the same methods as ...
2 years ago Therecord.media
CVE-2024-25617 - Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote ...
11 months ago
Decoding the data dilemma: Strategies for effective data deletion in the age of AI - Businesses today have a tremendous opportunity to use data in new ways, but they must also look at what data they keep and how they use it to avoid potential legal issues. Forrester predicts a doubling of unstructured data in 2024, driven in part by ...
1 year ago Venturebeat.com
Business Data Privacy Laws: Compliance and Beyond - Governments worldwide have implemented strict data privacy laws to protect individuals' information in the face of increasing cyber threats and data breaches. Let's dive into the world of business data privacy laws as we navigate the complexities of ...
1 year ago Securityzap.com
18th Anniversary Post: New Species of Pygmy Squid Discovered - They're Ryukyuan pygmy squid and Hannan's pygmy squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Yes, this is the eighteenth anniversary of Friday Squid Blogging. The first squid ...
1 year ago Schneier.com
CVE-2025-21688 - In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Assign job pointer to NULL before signaling the fence In commit e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL after job completion"), we introduced a change to ...
1 month ago Tenable.com
Recruiters, beware of cybercrooks posing as job applicants! - Recruiters are being targeted via spear-phishing emails sent by cybercrooks impersonating job applicants, Proofpoint researchers are warning. The threat actor - designated as TA4557 by Proofpoint - first reaches out to recruiters with a ...
1 year ago Helpnetsecurity.com
Beyond DLP: Embracing a Multi-Layered Strategy for Personal Data Security - Data, especially personal data, drives the digital world. While digital systems continuously gather and use personal data to enhance user experience, there is a significant issue. The alarming frequency of data breaches indicates that the methods ...
1 year ago Securityboulevard.com
French Gov. Leaks 43 Million People's Data - French public employment administration loses control of citizens' data after biggest breach in Gallic history. Hackers stole 20 years of personal data relating to job seekers from a French agency. The boss of France Travail, Alexandre Saubot, has a ...
1 year ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)