216.73.217.80

Hacker Exploit Social Security Statement Theme to Target Over 2,000 Victims with Malware

· Published 26/06/2025 21:09 · Modified 27/06/2025 07:55

Export JSON

Essential information

Published
26/06/2025 21:09
Modified
27/06/2025 07:55
Tags
.net-loader 2025-06-26 amazon-aws backdoor phishing remote access screenconnect social-security
Related entities
2 observables, 8 techniques (mitre), 3 others

Description

A sophisticated campaign has targeted over 2,000 individuals by exploiting the theme of official Social Security statements. Cybercriminals used a convincing lure, mimicking legitimate communication from the Social Security Administration. The attack involved a URL directing victims to a page hosted on Amazon Web Services, enhancing its perceived legitimacy. Users were tricked into downloading and executing malware, which is a .NET application loader that installs , establishing a silent connection to the attacker's command-and-control server. The malware's behavior includes loading additional files and executing a primary component. The campaign's impact is significant, with a large percentage of targeted users unknowingly installing the malware.

External references