216.73.216.86

Threat actors leverage tax season to deploy tax-themed phishing campaigns

· Published 03/04/2025 17:19 · Modified 03/04/2025 19:05

Export JSON

Essential information

Published
03/04/2025 17:19
Modified
03/04/2025 19:05
Tags
2025-04-03 ahkbot bruteratel c4 credential-theft guloader latrodectus malware phishing qr codes redirection remcos remote access trojans social engineering tax season
Related entities
1 intrusion sets (apt), 15 techniques (mitre), 5 malware, 5 others

Description

Microsoft has observed several campaigns using tax-related themes to steal credentials and deploy as Tax Day approaches in the United States. These campaigns use methods like URL shorteners and in malicious attachments, and abuse legitimate services to avoid detection. They lead to pages delivered via RaccoonO365 platform, like , and other such as , , , and . The campaigns target various sectors including engineering, IT, consulting, and accounting firms. Threat actors use techniques to mislead taxpayers into revealing sensitive information, making payments to fake services, or installing malicious payloads. Microsoft provides detailed mitigation and protection guidance to help users and organizations defend against these tax-centric threats.

External references