
Eggs in a Cloudy Basket: Skeleton Spider's Trusted Cloud Malware Delivery

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

Skeleton Spider, also known as FIN6, is a financially motivated cybercrime group that has evolved from point-of-sale (POS) breaches to broader enterprise threats. They employ social engineering tactics, posing as job seekers on platforms like LinkedIn to deliver phishing messages. Their preferred payload is more_eggs, a JavaScript-based backdoor. The group uses trusted cloud services like AWS to host malicious infrastructure, evading detection. Their phishing emails impersonate job applicants, with domains mimicking real names. FIN6 employs sophisticated filtering techniques to ensure malware delivery only to intended targets. The more_eggs malware, developed by Venom Spider, allows for command execution and credential theft. Defense strategies include cautious handling of resume links, blocking execution of suspicious files, and implementing EDR policies.

OPENCTI LABELS:

backdoor, phishing, social engineering, cloud infrastructure, aws, evasion techniques, more_eggs, resume lures, skeleton spider

