Threat Actors Attacking Job Seekers With Three New Unique Adversaries

Their analysis revealed that operators typically employ multiple personas throughout the scam lifecycle – one to make initial contact and another to execute the fraud – allowing them to efficiently manage high volumes of victims while maintaining operational security when communication channels are disrupted. The threat actor’s detection evasion techniques include requiring registration codes for website access, implementing login barriers to prevent security researcher analysis, and redesigning interfaces periodically to maintain effectiveness. These scams employ increasingly refined social engineering tactics that blend legitimate recruitment practices with fraudulent schemes, making them particularly effective at evading detection while extracting money and personal information from victims. The first impersonates technology companies using advance fee fraud tactics, the second operates a localized scheme across 18 countries impersonating a logistics recruitment agency, and the third masquerades as the Government of Singapore to harvest national identity numbers and compromise Telegram accounts. The most prolific of the identified threats begins with unsolicited messages via WhatsApp, Telegram or other messaging platforms, with attackers posing as recruitment consultants claiming to have received applications from potential victims. Netcraft analysts documented that the Celadon/Softserv operation offers payment in cryptocurrency (USDT) and requires victims to register on specialized domains like celadonsoftapp[.]vip that feature convincing but fraudulent interfaces. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The cybercriminals have engineered these schemes to exploit specific vulnerabilities in how job seekers evaluate opportunities, particularly targeting those attracted to flexible working arrangements and above-average compensation packages, which have become increasingly desirable in the post-pandemic economy. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. After registration, victims receive nominal “credit” to their accounts before being prompted to deposit actual funds to “activate” various task levels that promise profitable returns. Job seekers should remain vigilant for warning signs including communication exclusively through messaging apps, implausibly high compensation offers, cryptocurrency payment methods, and pressure to make upfront deposits. A significant surge in sophisticated recruitment scams has emerged, with cybercriminals exploiting economic vulnerabilities and the competitive job market to target desperate job seekers. After establishing contact, victims are directed to communicate with a second persona who provides job details – typically featuring unrealistically high compensation rates for simple tasks. Infrastructure analysis revealed nine similar platform sites operated by this threat actor between May and November 2024, all sharing identical design elements and server infrastructure. Security researchers have identified three distinct threat actors deploying targeted campaigns against job seekers worldwide.

This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 10 May 2025 01:45:06 +0000


Cyber News related to Threat Actors Attacking Job Seekers With Three New Unique Adversaries

Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
1 year ago Microsoft.com Kimsuky
Threat Actors Attacking Job Seekers With Three New Unique Adversaries - Their analysis revealed that operators typically employ multiple personas throughout the scam lifecycle – one to make initial contact and another to execute the fraud – allowing them to efficiently manage high volumes of victims while ...
3 weeks ago Cybersecuritynews.com
'ResumeLooters' Attackers Steal Millions of Career Records - Attackers used SQL injection and cross-site scripting to target at least 65 job-recruitment and retail websites with legitimate penetration-testing tools, stealing databases containing more than 2 million emails and other personal records of job ...
1 year ago Darkreading.com
How to Protect Yourself from Job Scams: Essential Tips - The internet is a powerful tool in our career search, but it also provides cyber criminals with information and tactics they can use to exploit and deceive people looking for work. Job scams are sadly prevalent on the web, and if you’re job ...
2 years ago Tripwire.com
Cyber Employment 2024: Sky-High Expectations Fail Businesses & Job Seekers - Well-publicized estimates of a massive shortfall in cybersecurity workers have resulted in high expectations among job seekers in the field, but the reality often falls flat, because of a mismatch between companies' requirements and job seekers' ...
1 year ago Darkreading.com Equation
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
1 year ago Feeds.fortinet.com CVE-2023-42793 APT29
6 Ransomware Trends & Evolutions For 2023 - More than any other industry, cybersecurity is constantly changing. The number of major paradigm shifts that have transformed the world of cybersecurity in the past few years has been unprecedented, especially when it comes to combating ransomware. ...
2 years ago Trendmicro.com TeamTNT
Operation Morpheus took down 593 Cobalt Strike servers used by threat actors - Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers. Threat actors may have exploited a zero-day in older iPhones, Apple warns. Nation-state ...
10 months ago Securityaffairs.com CVE-2024-0769 CVE-2022-38028 CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-4966 APT28
Automating Threat Intelligence Enrichment In Your SIEM With MISP - In conclusion, automating threat intelligence enrichment between MISP and your SIEM using Python is a transformative step for any security operations center. This article explores how to architect, implement, and operationalize automated threat ...
1 month ago Cybersecuritynews.com
Threat actors misuse OAuth applications to automate financially driven attacks - Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious ...
1 year ago Microsoft.com
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks - Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet, that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for ...
1 year ago Microsoft.com
Squid Werewolf Mimic as Recruiters Attacking Job Seekers To Exfiltrate Personal Data - To protect against such threats, security experts recommend implementing email security solutions, avoiding opening attachments from unknown senders, and deploying endpoint detection and response tools capable of identifying suspicious PowerShell ...
2 months ago Cybersecuritynews.com APT37 APT3
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours - In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol host, leading to data exfiltration and the deployment of Trigona ransomware. On Christmas Eve, within just three hours of gaining initial access, ...
1 year ago Thedfirreport.com Trigona
New ATM Malware family emerged in the threat landscape - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Raspberry Robin spotted using two ...
1 year ago Securityaffairs.com CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-4966
How to Overcome the Most Common Challenges with Threat Intelligence - Today's typical approach to threat intelligence isn't putting organizations in a place to do that. Instead, many threat intelligence tools are delivering too much uncurated and irrelevant information that arrives too late to act upon. Organizations ...
1 year ago Cyberdefensemagazine.com Hunters
What Is Threat Modeling? - Threat modeling emerges as a pivotal process in this landscape, offering a structured approach to identify, assess, and address potential security threats. Threat Modeling Adoption and Implementation The successful adoption of threat modeling within ...
1 year ago Feeds.dzone.com
Top 7 Cyber Threat Hunting Tools for 2024 - Cyber threat hunting is a proactive security measure taken to detect and neutralize potential threats on a network before they cause significant damage. To seek out this type of threat, security professionals use cyber threat-hunting tools. With ...
1 year ago Techrepublic.com
Cybercrime Groups Offering Six-Figure Salaries for IT Talents - Increasingly, organized crime organizations are operating as businesses rather than criminal organizations, advertising jobs on the dark web with a number of advantages for members. A recent Kaspersky study found that 61% of job ads posted by hacking ...
2 years ago Cybersecuritynews.com
Penetration Testing And Threat Hunting: Key Practices For Security Leaders - Security leaders should view penetration testing and threat hunting not as discrete activities but as essential components of a mature security program that evolves from passive defense to active threat detection and mitigation. Penetration testing ...
1 month ago Cybersecuritynews.com Hunters
What Is Cyber Threat Hunting? - Cyber threat hunting involves proactively searching for threats on an organization's network that are unknown to traditional cybersecurity solutions. A recent report from Armis found that cyber attack attempts increased by 104% in 2023, underscoring ...
1 year ago Techrepublic.com
Threat Intelligence Feeds Flood Analysts With Data, But Context Still Lacking - By combining external threat data with internal risk assessments, contextual threat intelligence helps organizations measure the risk level of alerts or vulnerabilities in relation to their business and technical assets, ensuring that the most ...
1 month ago Cybersecuritynews.com
CVE-2025-21688 - In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Assign job pointer to NULL before signaling the fence In commit e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL after job completion"), we introduced a change to ...
3 months ago Tenable.com
New Tool Set Found Used Against Organizations in the Middle East, Africa and the US - Unit 42 researchers observed a series of apparently related attacks against organizations in the Middle East, Africa and the U.S. We will discuss a set of tools used in the course of the attacks that reveal clues about the threat actors' activity. We ...
1 year ago Unit42.paloaltonetworks.com
How to Use Threat Intelligence Feeds for SOC/DFIR Teams - Threat intelligence feeds provide real-time updates on indicators of compromise, such as malicious IPs and URLs. Security systems can then ingest these IOCs to identify and block potential threats, which essentially grants organizations immunity to ...
1 year ago Cybersecuritynews.com
Report: Developers are most in demand on dark web - Hacker gangs often operate like businesses - they have salaries, working hours, clients and employees. To compete in a growing market, they are constantly looking for new talent with better skill sets, and they often use the same methods as ...
2 years ago Therecord.media