Numerous phishing scams involving tax-related lures have been launched by threat actors to deploy malware and credential-stealing payloads before the tax season ends on Apr. 15, The Hacker News reports.
More than 29,000 individuals at 10,000 organizations in different industries, most of them in the U.S., were subjected to a massive phishing campaign in February that impersonated the Internal Revenue Service, according to an analysis from the Microsoft Threat Intelligence and Microsoft Defender Security Research teams. Malicious emails claiming potentially irregular tax return filings facilitated the deployment of trojanized ConnectWise ScreenConnect remote monitoring and management (RMM) software, which enabled data exfiltration and credential harvesting. Another campaign targeted almost 100 organizations, most of them manufacturing, healthcare, and retail firms in the U.S., with QR code and W2 lures that redirected to illicit Microsoft 365 log-in pages built to compromise credentials and two-factor authentication codes. Attackers have also deployed ScreenConnect or SimpleHelp software in another IRS-spoofing campaign. These findings come as Huntress researchers reported a 277% year-over-year increase in RMM tool exploitation among threat actors.




