Résumés with malicious ISO attachments are circulating, says Aryaka

Summary

Threat actors are distributing phishing emails to HR departments containing fake résumés delivered as malicious ISO attachments. Once the ISO is mounted, a shortcut inside it executes PowerShell commands that extract hidden payloads and abuse a vulnerable driver to disable endpoint detection and response (EDR) agents.

IFF Assessment

FOE

The article details a sophisticated attack that can bypass security defenses and disable EDR agents, posing a significant threat to organizations.

Defender Context

This attack highlights the persistent threat of social engineering targeting HR departments and the increasing sophistication of malware delivery and evasion techniques. Defenders should focus on robust security awareness training for HR staff, emphasizing the risks of unexpected file types like ISOs, and ensuring strong endpoint security measures are in place and configured correctly.
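As an added illustration of the endpoint-side check this context calls for (not code from Aryaka or the original report), the following routine triages Sysmon-style process-creation events for the chain described above: PowerShell started from a shortcut on an ISO-mounted volume. Field names follow Sysmon Event ID 1; the mount record and all events are constructed.

```python
"""Flag the ISO -> shortcut -> PowerShell chain in Sysmon-style process events.
Added example, not code from Aryaka or the reported campaign; field names follow
Sysmon Event ID 1, and the mount record and events below are constructed."""
import re
# Constructed: drive letter backed by a mounted ISO, as an image-mount log would record.
ISO_MOUNTS = [{"time": "10:02:11", "drive": "E:", "source": "C:\\Users\\hr\\Downloads\\resume.iso"}]
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
EVENTS = [  # constructed process-creation events
    {"time": "10:02:15", "Image": PS, "ParentImage": "C:\\Windows\\explorer.exe",
     "CurrentDirectory": "E:\\", "CommandLine": "powershell.exe -nop -w hidden -ep bypass -File E:\\open.ps1"},
    {"time": "10:05:40", "Image": PS, "ParentImage": "C:\\Program Files\\Admin\\scheduler.exe",
     "CurrentDirectory": "C:\\scripts\\", "CommandLine": "powershell.exe -File C:\\scripts\\inventory.ps1"},
]

def hidden_flags(cmdline):
    """PowerShell options that hide the window or relax execution checks."""
    tokens, found = cmdline.lower().split(), []
    for i, tok in enumerate(tokens):
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        if tok in ("-nop", "-noprofile"):
            found.append("noprofile")
        elif tok in ("-w", "-windowstyle") and nxt == "hidden":
            found.append("hidden-window")
        elif tok in ("-ep", "-executionpolicy") and nxt == "bypass":
            found.append("exec-policy-bypass")
        elif tok in ("-e", "-enc", "-encodedcommand"):
            found.append("encoded-command")
    return found

def triage_event(event, iso_drives):
    """Reasons the event matches the chain; [] when it does not."""
    reasons = []
    if not event["Image"].lower().endswith("\\powershell.exe"):
        return reasons
    cmd, cwd = event["CommandLine"].lower(), event["CurrentDirectory"].lower()
    # A shortcut run inside a mounted ISO is started by explorer.exe with the ISO volume as working dir.
    if event["ParentImage"].lower().endswith("\\explorer.exe"):
        reasons.append("powershell spawned by explorer.exe (shortcut launch)")
    if any(cwd.startswith(d) or re.search(r"(?<!\w)" + re.escape(d), cmd) for d in iso_drives):
        reasons.append("ISO-mounted volume in working directory or command line")
    if flags := hidden_flags(event["CommandLine"]):
        reasons.append("hidden-execution options: " + ", ".join(flags))
    # Require the ISO link plus one more signal so routine admin scripts stay quiet.
    return reasons if len(reasons) >= 2 and any("ISO" in r for r in reasons) else []

def triage(events, mounts):
    """Map the time of each flagged event to its reasons."""
    drives = {m["drive"].lower() for m in mounts}
    return {e["time"]: r for e in events if (r := triage_event(e, drives))}
```

The mount list would normally come from image-mount logging; the scheduled inventory script is included to show that PowerShell alone, without the ISO link, does not fire.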
