Cyberattacks Target Users in Poland and Germany
Ongoing phishing campaign targets users in Poland and Germany with advanced malware.

A financially motivated threat actor has been linked to a phishing email campaign that has been active since July 2024, specifically aimed at users in Poland and Germany. The attacks deploy various payloads, including Agent Tesla and a new backdoor called TorNet, which communicates via the TOR network. The phishing emails, disguised as financial confirmations, contain compressed files that, when opened, execute a .NET loader to download PureCrypter malware. This malware performs extensive checks to evade detection and establishes a connection to a command-and-control server, increasing the risk of further intrusions. Experts recommend developing advanced filtering techniques to combat these sophisticated phishing tactics.
