216.73.216.86

Help Wanted: Vietnamese Actors Using Fake Job Posting Campaigns to Deliver Malware and Steal Credentials

· Published 23/10/2025 21:49 · Modified 24/10/2025 09:22

Export JSON

Essential information

Published
23/10/2025 21:49
Modified
24/10/2025 09:22
Tags
2025-10-23 credential-theft digital advertising fake job postings remote access trojans social engineering
Related entities
1 intrusion sets (apt), 12 techniques (mitre), 3 others

Description

A group of financially motivated threat actors from Vietnam, tracked as UNC6229, is targeting individuals in the and marketing sectors through . They use tactics to deliver malware and phishing kits, aiming to compromise high-value corporate accounts and hijack accounts. The attackers create fake company profiles on legitimate job platforms, luring applicants with attractive remote job openings. Once contact is established, they send malware attachments or phishing links, often abusing legitimate business and CRM platforms to appear credible. The campaign's success relies on victim-initiated contact and targets remote workers with access to company ad accounts.

External references