• Hackers are using fake NDAs to hit US manufacturers in major new

    From TechnologyDaily@1337:1/100 to All on Thursday, August 28, 2025 18:00:10
    Hackers are using fake NDAs to hit US manufacturers in major new phishing scam

    Date:
    Thu, 28 Aug 2025 16:53:00 +0000

    Description:
    A new phishing scam comes with a twist - the victims send the first email.

    FULL STORY
    ======================================================================
    Hackers reach out to companies via a "Contact Us" website form
    They then talk with the victims for weeks before deploying the malware
    The hackers are attacking with custom-built backdoors

    Cybercriminals are trying to deliver backdoor malware to US-based organizations by tricking them into signing fake non-disclosure agreements (NDAs), experts have warned.

    A new report from security researchers at Check Point outlined how, in the campaign, the miscreants pose as a US-based company looking for partners, suppliers, and similar.

    Often, they buy abandoned or dormant domains with legitimate business histories to appear authentic. After that, they reach out to potential victims, not via email (as is standard practice) but through their Contact Us forms or other communication channels provided on the website.

    Dropping MixShell

    When the victims respond to the inquiry, it's usually via email, which opens the door to delivering the malware.

    However, the attackers don't do it immediately. Instead, they build rapport with the victims, going back and forth for weeks until, at one point, they ask their victims to sign an attached NDA.

    The archive contains a couple of documents, including clean PDF and DOCX
    files to throw the victims off, and a malicious .lnk file that triggers a PowerShell-based loader.

    This loader ultimately deploys a backdoor called MixShell, which is a custom in-memory implant featuring DNS-based command and control (C2) and enhanced persistence mechanisms.
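
A triage check for the attachment layout described above, as an added example that is not from Check Point's report or the original article: it flags Windows shortcut files inside an archive by extension or by the Shell Link header bytes, and notes when they sit beside PDF/DOCX decoys. It assumes the archive is a ZIP; the function names and the sample file names are constructed for illustration.

```python
import io
import zipfile

# Shell Link (.lnk) header per MS-SHLLINK: HeaderSize 0x4C followed by the LinkCLSID
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
DECOY_EXTS = (".pdf", ".docx")


def triage_archive(data: bytes) -> dict:
    """Sort ZIP members into shortcuts (by name or content) and decoy documents."""
    shortcuts, decoys = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            head = b""
            if not info.flag_bits & 0x1:  # encrypted members: fall back to the name only
                with zf.open(info) as fh:
                    head = fh.read(len(LNK_MAGIC))
            if name.endswith(".lnk") or head == LNK_MAGIC:
                shortcuts.append(info.filename)
            elif name.endswith(DECOY_EXTS):
                decoys.append(info.filename)
    return {
        "shortcuts": shortcuts,
        "decoys": decoys,
        # Any shortcut in an e-mailed archive is enough to hold the attachment
        "quarantine": bool(shortcuts),
        "lure_pattern": bool(shortcuts) and bool(decoys),
    }


def build_sample(with_shortcut: bool) -> bytes:
    """Constructed sample archive; file names and contents are made up and inert."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("NDA_terms.pdf", b"%PDF-1.7 constructed decoy")
        zf.writestr("Company_profile.docx", b"PK constructed decoy")
        if with_shortcut:
            # Header bytes only: recognisable as a shell link, not a working shortcut
            zf.writestr("NDA_signature.pdf.lnk", LNK_MAGIC + b"\x00" * 56)
            zf.writestr("readme.txt", LNK_MAGIC + b"\x00" * 56)
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_archive(build_sample(True)))
    print(triage_archive(build_sample(False)))
```

The second constructed shortcut carries a `.txt` name to show why the header check matters in addition to the extension check.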

    Check Point did not discuss the number of potential victims, but it did say that they are in the dozens, varying in size, geography, and industries.

    The majority (around 80%) are located in the United States, with Singapore, Japan, and Switzerland also having a notable number of victims. The companies are mostly in industrial manufacturing, hardware & semiconductors, consumer goods & services, and biotech & pharma.

    This distribution suggests that the attacker seeks entry points across
    wealthy operational and supply chain-critical industries instead of focusing on a specific vertical, Check Point argues.

    The researchers couldn't confidently attribute the campaign to any known threat actor, but said that there is evidence pointing to the TransferLoader campaign, and a cybercriminal cluster tracked as UNK_GreenSec.

    Via The Record



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/hackers-are-using-fake-ndas-to-hit-us-manufacturers-in-major-new-phishing-scam


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)