Fake enterprise VPN downloads used to steal company credentials
Summary
Threat actor Storm-2561 is distributing fake downloads that impersonate enterprise VPN clients from Ivanti, Cisco, and Fortinet. These malicious downloads are designed to steal VPN credentials from users who are tricked into installing them.
IFF Assessment
FOE
This is bad news for defenders: the campaign uses social engineering to steal sensitive credentials, which enables further network compromise.
Defender Context
Defenders should be aware of this tactic and educate users about the dangers of downloading software from unofficial sources. Implementing strong authentication mechanisms like multi-factor authentication can also mitigate the impact of stolen credentials.