Threat Intel | HIGH

APT-C-60's Evolving Attack Tactics Exposed

JPCERT/CC
Tags: APT-C-60, spear-phishing, malware, SpyGlace, JPCERT/CC

Basically, a hacker group is using fake job emails to spread malware.

Quick Summary

APT-C-60 is ramping up its attacks using fake job emails to spread malware. Recruitment staff are particularly at risk, with tactics evolving to include direct file attachments. Stay vigilant and verify senders to protect your data. JPCERT/CC is monitoring the situation closely.

What Happened

Cybersecurity experts at JPCERT/CC have issued a warning about increased attacks by the threat group APT-C-60. These attacks, confirmed between June and August 2025, involve sophisticated spear-phishing tactics targeting recruitment staff. This method closely mirrors previous attacks from August 2024, indicating a pattern that could affect many unsuspecting job seekers.

In the latest incidents, attackers have changed their approach. Instead of directing victims to download malicious files from Google Drive, they now attach harmful VHDX files directly to emails. When the recipient clicks on a link within the VHDX, it runs a malicious script disguised as a legitimate Git command. This script not only displays a decoy document but also creates and executes additional files, leading to further compromise of the victim's system.

Why Should You Care

If you’re applying for jobs or working in recruitment, these attacks could put your personal information at risk. Imagine opening a job application email only to inadvertently download malware that steals your data. This is not just an IT issue; it’s a personal one. Your computer could be turned into a tool for hackers without you even knowing.

The fact that these attacks are evolving means that you need to stay vigilant. Just like you wouldn’t open a suspicious package on your doorstep, you should be cautious about unexpected emails, especially those that seem to come from job seekers. Always verify the sender before clicking any links or downloading attachments.

What's Being Done

JPCERT/CC is actively monitoring these attacks and has provided updates on the malware's behavior and capabilities. Here are some immediate actions you can take to protect yourself:

  • Be cautious with unsolicited emails, especially those with attachments.
  • Use antivirus software to scan attachments before opening them.
  • Keep your software updated to ensure you have the latest security patches.

Experts are watching for further developments, especially regarding how APT-C-60 might adapt their tactics in the future. Staying informed is key to staying safe in this evolving landscape of cyber threats.


🔒 Pro insight: APT-C-60's shift to direct attachments indicates a strategic pivot to bypass traditional email filters and increase infection rates.

Original article from JPCERT/CC
