Threat actors are targeting HR employees who are looking to hire new people, according to Lisa Vaas at Contrast Security. As part of their job, HR employees frequently interact with people outside of the organization and are more likely to open external files. Attackers frequently take advantage of this by hiding malware within phony resumé files.

Vaas cites Dmitri Alperovitch, chairman of the Silverado Policy Accelerator, as saying in a talk at RSAC that North Korean threat actors are particularly fond of this technique.

“[One thing] that’s been really interesting to watch is their attempts to infiltrate organizations remotely by trying to actually get hired inside of these companies, particularly in the web3 crypto space, where they’re responding to advertisements,” Alperovitch said. “They’re saying they’re willing to do remote development work. They’re saying they’re from ‘a’ Bay Area, although in many of the interviews they failed to identify even the most common locations in ‘the’ [San Francisco] Bay Area.”

Attackers use job-listing and networking sites such as LinkedIn to identify potential targets.

“They’re still having a tough time actually passing these interviews, but they don’t have to pose as Bay Area natives when it comes to packing resumés with malware,” Vaas writes. “One example: In April, eSentire research showed that new phishing attacks, targeting corporate hiring managers, were delivering the more_eggs malware, tucked into bogus CVs. These campaigns sprang up a year after potential candidates looking for work on LinkedIn were lured with weaponized job offers: The offers dangled malicious ZIP archive files with the same name as that of the victims’ job titles, as lifted from their LinkedIn profiles.”

Niceness, to be sure, is a good thing, everything else being equal, but it can also render you vulnerable to scams and cons. Every employee needs to know that they should never click the “Enable content” button in a Microsoft Office document, because that button runs the macros embedded in the file. New-school security awareness training can teach your employees how to avoid falling for phishing attacks.
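As an added example (not code from Vaas's post, Contrast Security or eSentire), a small Python triage check for the two lure types described above: ZIP archives that carry runnable content, and Office documents whose vbaProject.bin part means VBA macros are present, which is what the "Enable content" bar would turn on. The sample attachments, the job-title file name and the list of risky member extensions are constructed assumptions for illustration.

```python
import io
import zipfile
from typing import Dict, List

# Assumed list of member extensions that mean a "resumé" archive really carries runnable content.
RISKY_MEMBER_EXT = (".exe", ".scr", ".js", ".vbs", ".lnk", ".hta", ".bat", ".ps1", ".dll")

def build_zip(members: Dict[str, bytes]) -> bytes:
    """Build a ZIP in memory; used here only to construct the sample attachments."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in members.items():
            z.writestr(name, data)
    return buf.getvalue()

def attachment_findings(name: str, data: bytes) -> List[str]:
    """Return findings for one attachment. OOXML files (.docx/.docm/.xlsm) are ZIPs too."""
    findings: List[str] = []
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings  # not a ZIP container (e.g. a PDF); outside this check's scope
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        members = z.namelist()
    # A vbaProject.bin part means VBA macros are embedded: opening the file shows the
    # "Enable content" bar, and clicking it runs that macro code.
    if any(m.lower().endswith("vbaproject.bin") for m in members):
        findings.append(f"{name}: Office document contains VBA macros (would prompt 'Enable content')")
    for m in members:
        low = m.lower()
        if low.endswith(RISKY_MEMBER_EXT):
            findings.append(f"{name}: archive member '{m}' is executable content")
        elif low.endswith(".zip"):
            findings.append(f"{name}: nested archive '{m}' (inspect recursively)")
    return findings

# Constructed sample attachments (invented names and contents, built in memory).
SAMPLES: Dict[str, bytes] = {
    # ZIP lure named after the target's job title, wrapping a shortcut with a ".pdf" look-alike name
    "Senior_Recruiter.zip": build_zip({"Senior_Recruiter_CV.pdf.lnk": b"constructed shortcut"}),
    # Macro-enabled Word document: minimal OOXML layout with a VBA part
    "cv.docm": build_zip({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w:document/>",
                          "word/vbaProject.bin": b"\x00"}),
    # Benign Word document without macros
    "cv.docx": build_zip({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w:document/>"}),
    # Benign PDF, not a ZIP container
    "cv.pdf": b"%PDF-1.4 constructed",
}

def scan_all(samples: Dict[str, bytes] = SAMPLES) -> Dict[str, List[str]]:
    """Run the check over every sample attachment; an empty list means no findings."""
    return {name: attachment_findings(name, data) for name, data in samples.items()}
```

Calling `scan_all()` flags only the job-title ZIP and the macro-enabled document; the plain .docx and the PDF come back clean.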