{"id":1277,"date":"2024-06-13T12:34:30","date_gmt":"2024-06-13T12:34:30","guid":{"rendered":"https:\/\/www.tsfactory.com\/forums\/?p=1277"},"modified":"2024-06-13T12:34:30","modified_gmt":"2024-06-13T12:34:30","slug":"new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers","status":"publish","type":"post","link":"https:\/\/www.tsfactory.com\/forums\/blog\/new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers\/","title":{"rendered":"New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers"},"content":{"rendered":"<p>Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE.<\/p>\n<p>&#8220;WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional payloads,&#8221; Elastic Security Labs researcher Daniel Stepanic said in a new analysis. &#8220;Each sample is compiled with a hard-coded [command-and-control] IP address and RC4 key.&#8221;<\/p>\n<p>The backdoor comes with capabilities to fingerprint infected machines, capture screenshots, and drop more malicious programs. The company is tracking the activity under the name REF6127.<\/p>\n<p>The attack chains observed since late April involve the use of email messages purporting to be from recruitment firms like Hays, Michael Page, and PageGroup, urging recipients to click on an embedded link to view details about a job opportunity.<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2024\/06\/new-phishing-campaign-deploys.html\">Read the Full Story Here<\/a><\/p>\n<p>Source: The Hacker News<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE. &#8220;WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional payloads,&#8221; Elastic Security Labs researcher Daniel Stepanic said in a new analysis. &#8220;Each sample is [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":802,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1277","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers - Community<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.tsfactory.com\/forums\/blog\/new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers - Community\" \/>\n<meta property=\"og:description\" content=\"Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE. &#8220;WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional payloads,&#8221; Elastic Security Labs researcher Daniel Stepanic said in a new analysis. &#8220;Each sample is [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.tsfactory.com\/forums\/blog\/new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers\/\" \/>\n<meta property=\"og:site_name\" content=\"Community\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/TSFactoryLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-06-13T12:34:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2022\/01\/pexels-tima-miroshnichenko-5380664.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"853\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Chelsie Wyatt\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:site\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chelsie Wyatt\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers\/\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers\/\",\"name\":\"New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers - Community\",\"isPartOf\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2022\/01\/pexels-tima-miroshnichenko-5380664.jpg\",\"datePublished\":\"2024-06-13T12:34:30+00:00\",\"author\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.tsfactory.com\/forums\/blog\/new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers\/#primaryimage\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2022\/01\/pexels-tima-miroshnichenko-5380664.jpg\",\"contentUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2022\/01\/pexels-tima-miroshnichenko-5380664.jpg\",\"width\":1280,\"height\":853},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.tsfactory.com\/forums\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/\",\"name\":\"Community\",\"description\":\"TSFactory\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\",\"name\":\"Chelsie Wyatt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"caption\":\"Chelsie Wyatt\"},\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers - Community","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.tsfactory.com\/forums\/blog\/new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers\/","og_locale":"en_US","og_type":"article","og_title":"New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers - Community","og_description":"Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE. &#8220;WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional payloads,&#8221; Elastic Security Labs researcher Daniel Stepanic said in a new analysis. &#8220;Each sample is [&hellip;]","og_url":"https:\/\/www.tsfactory.com\/forums\/blog\/new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers\/","og_site_name":"Community","article_publisher":"https:\/\/www.facebook.com\/TSFactoryLLC\/","article_published_time":"2024-06-13T12:34:30+00:00","og_image":[{"width":1280,"height":853,"url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2022\/01\/pexels-tima-miroshnichenko-5380664.jpg","type":"image\/jpeg"}],"author":"Chelsie Wyatt","twitter_card":"summary_large_image","twitter_creator":"@TSFactoryLLC","twitter_site":"@TSFactoryLLC","twitter_misc":{"Written by":"Chelsie Wyatt","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers\/","url":"https:\/\/www.tsfactory.com\/forums\/blog\/new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers\/","name":"New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers - Community","isPartOf":{"@id":"https:\/\/www.tsfactory.com\/forums\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers\/#primaryimage"},"image":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2022\/01\/pexels-tima-miroshnichenko-5380664.jpg","datePublished":"2024-06-13T12:34:30+00:00","author":{"@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f"},"breadcrumb":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.tsfactory.com\/forums\/blog\/new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers\/#primaryimage","url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2022\/01\/pexels-tima-miroshnichenko-5380664.jpg","contentUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2022\/01\/pexels-tima-miroshnichenko-5380664.jpg","width":1280,"height":853},{"@type":"BreadcrumbList","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/new-phishing-campaign-deploys-warmcookie-backdoor-targeting-job-seekers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.tsfactory.com\/forums\/"},{"@type":"ListItem","position":2,"name":"New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers"}]},{"@type":"WebSite","@id":"https:\/\/www.tsfactory.com\/forums\/#website","url":"https:\/\/www.tsfactory.com\/forums\/","name":"Community","description":"TSFactory","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f","name":"Chelsie Wyatt","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","caption":"Chelsie Wyatt"},"url":"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/"}]}},"_links":{"self":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1277","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/comments?post=1277"}],"version-history":[{"count":1,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1277\/revisions"}],"predecessor-version":[{"id":1278,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1277\/revisions\/1278"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media\/802"}],"wp:attachment":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media?parent=1277"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/categories?post=1277"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/tags?post=1277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}