top of page
  • Clipeus

FIN6 Targets Recruiters

Proofpoint reports a campaign targeting recruiters to deliver malware by impersonating candidates.

The actor creates fake candidate identities and emails recruiters directly, pretending to be interested in job postings. Then, the actor delivers malware either directly via email attachment or by redirecting the recruiter to a purported portfolio of the candidate's work, which, in fact, hosts malware.

The campaign has been attributed to the Eastern European financially motivated threat actor known as FIN6 (a.k.a. TA4557), linked to groups such as Cobalt/Carbanak, Evilnum, and FIN7.

While email is the delivery mechanism observed so far, recruiters may benefit from paying particular attention to messages via social media, particularly platforms such as LinkedIn.


Commenting has been turned off.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to with your inquiry. We would be glad to assist you

bottom of page