Help Wanted: Vietnamese Actors Using Fake Job Posting Campaigns to Deliver Malware and Steal Credentials
Essential information
- Published
- 23/10/2025 21:49
- Modified
- 24/10/2025 09:22
- Tags
- 2025-10-23 credential-theft digital advertising fake job postings remote access trojans social engineering
- Related entities
- 1 intrusion sets (apt), 12 techniques (mitre), 3 others
Description
A group of financially motivated threat actors from Vietnam, tracked as UNC6229, is targeting individuals in the digital advertising and marketing sectors through fake job postings. They use social engineering tactics to deliver malware and phishing kits, aiming to compromise high-value corporate accounts and hijack digital advertising accounts. The attackers create fake company profiles on legitimate job platforms, luring applicants with attractive remote job openings. Once contact is established, they send malware attachments or phishing links, often abusing legitimate business and CRM platforms to appear credible. The campaign's success relies on victim-initiated contact and targets remote digital advertising workers with access to company ad accounts.