{
  "name": "Hacker Exploit Social Security Statement Theme to Target Over 2,000 Victims with Malware",
  "slug": "hacker-exploit-social-security-statement-theme-to-target-over-2000-victims-with-malware",
  "description": "A sophisticated phishing campaign has targeted over 2,000 individuals by exploiting the theme of official Social Security statements. The attackers used a convincing lure that mimicked legitimate communication from the Social Security Administration. The lure contained a URL directing victims to a phishing page hosted on Amazon Web Services, which enhanced its perceived legitimacy. Victims were tricked into downloading and executing the malware, a .NET application loader that installs ScreenConnect remote-access software and establishes a silent connection to the attacker's command-and-control server. The loader's behavior includes loading additional files and executing a primary backdoor component. The campaign's impact is significant: a large percentage of the targeted users unknowingly installed the malware.",
  "published": "2025-06-26T19:09:23+00:00",
  "created_at": "2025-06-26T19:09:23+00:00",
  "modified_at": "2025-06-27T05:55:36+00:00",
  "created_at_opencti": "2025-06-26T19:09:23+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    ".net-loader",
    "2025-06-26",
    "amazon-aws",
    "backdoor",
    "phishing",
    "remote access",
    "screenconnect",
    "social-security"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "secure.ratoscbom.com"
      },
      {
        "id": "",
        "name": "1c939551452b2137b2bd727f13fab80da192f174d0311d23fc3c1c531cefdc87"
      }
    ],
    "attack_patterns": [
      {
        "id": "32b33067-6566-4b8d-be80-e96f765d84de",
        "name": "T1059.001"
      },
      {
        "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571",
        "name": "T1105"
      },
      {
        "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e",
        "name": "T1071"
      },
      {
        "id": "c12e0e03-aab0-4646-a929-e921a3d27f02",
        "name": "T1219"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "0156fcda-e385-4662-b388-086c3e16feec",
        "name": "T1140"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "United States of America"
      },
      {
        "id": "",
        "name": "Healthcare"
      },
      {
        "id": "",
        "name": "Finance"
      }
    ]
  },
  "external_refs": [
    "https://cyberarmor.tech/hacker-exploit-social-security-statement-theme-to-target-over-2000-victims-with-malware/",
    "https://otx.alienvault.com/pulse/685db703a1b702d3c7c431d8"
  ]
}