FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters

The Record from Recorded Future News
Cybercriminals from the long-running FIN6 group are posing as job seekers on platforms like LinkedIn to infect recruiters with malware delivered through fake resumes, according to a new report.

Recruitment scams are common among cybercrime gangs, but this is a new tactic for FIN6, which is better known for stealing payment card data and breaching point-of-sale (PoS) systems in the hospitality and retail sectors, researchers at security firm DomainTools said.

In their latest campaign, the hackers, also tracked as Skeleton Spider, initiate interactions with recruiters on platforms such as LinkedIn and Indeed and, after gaining their trust, send malicious phishing emails that deliver a backdoor known as MoreEggs.

The phishing emails are professionally written and contain no clickable links, forcing recipients to manually type a URL, which helps the messages bypass security filters. The links direct recruiters to landing pages that mimic personal resume portfolios.

These sites are hosted on trusted cloud infrastructure, including Amazon Web Services (AWS), to evade detection. The landing pages use traffic filtering and CAPTCHA to ensure that only human recruiters, rather than automated analysis tools, are targeted with the malware.

Once the visitor is verified, the site delivers a malicious ZIP file containing the MoreEggs backdoor. This tool was developed by a threat actor tracked as Venom Spider and is sold as malware-as-a-service. FIN6 uses it to access the targeted system, steal credentials and carry out ransomware attacks.

An AWS spokesperson said the company encourages security researchers to report suspected abuse. "When we receive reports of potential violations of our terms, we act quickly to review and take steps to disable prohibited content," the spokesperson said.

FIN6 has been active since at least 2015 and has sold millions of payment card numbers on underground criminal marketplaces. The group's latest recruitment scams confirm that its focus is shifting to broader enterprise threats, including ransomware operations, researchers said.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

Copyright 2025 The Record from Recorded Future News