Threat Intel | HIGH

APT-C-60's Evolving Attack Tactics Exposed

JPCERT/CC, Nov 5, 2025
Tags: APT-C-60, spear-phishing, malware, SpyGlace, JPCERT/CC

Basically, a hacker group is using fake job emails to spread malware.

Quick Summary

APT-C-60 is ramping up its attacks using fake job emails to spread malware. Recruitment staff are particularly at risk, with tactics evolving to include direct file attachments. Stay vigilant and verify senders to protect your data. JPCERT/CC is monitoring the situation closely.

What Happened

Cybersecurity experts at JPCERT/CC have issued a warning about increased attacks by the threat group APT-C-60. These attacks, confirmed between June and August 2025, involve sophisticated spear-phishing tactics targeting recruitment staff. This method closely mirrors previous attacks from August 2024, indicating a pattern that could affect many unsuspecting job seekers.

In the latest incidents, attackers have changed their approach. Instead of directing victims to download malicious files from Google Drive, they now attach harmful VHDX files directly to emails. When the recipient clicks on a link within the VHDX, it runs a malicious script disguised as a legitimate Git command. This script not only displays a decoy document but also creates and executes additional files, leading to further compromise of the victim's system.
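
A mail-gateway style check for the delivery change described above, as an added example that is not from JPCERT/CC or the original article: it flags attachments that are VHDX images by the format's `vhdxfile` signature or by extension, including one level of ZIP wrapping (a generalization beyond the direct attachment the text describes). The function names, addresses and sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

VHDX_MAGIC = b"vhdxfile"  # 8-byte file type identifier at offset 0 of a VHDX image


def is_vhdx(name: str, data: bytes) -> bool:
    """Match on the content signature first; fall back to the extension."""
    return data[:8] == VHDX_MAGIC or name.lower().endswith(".vhdx")


def find_vhdx_attachments(raw_message: bytes) -> list[str]:
    """Return names of attachments that are VHDX images, including ZIP members."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if is_vhdx(name, data):
            hits.append(name)
        elif data[:4] == b"PK\x03\x04":  # look one level into ZIP archives
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        with zf.open(info) as member:
                            if is_vhdx(info.filename, member.read(8)):
                                hits.append(f"{name}!{info.filename}")
            except (zipfile.BadZipFile, RuntimeError):
                # Corrupt or encrypted archive: surface it for manual review
                hits.append(f"{name} (unreadable archive)")
    return hits


def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed test message; addresses and names are placeholders."""
    msg = EmailMessage()
    msg["From"] = "applicant@example.com"
    msg["To"] = "recruiting@example.org"
    msg["Subject"] = "Application"
    msg.set_content("Please find my resume attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    # A VHDX header renamed to .pdf is still caught by its signature
    print(find_vhdx_attachments(build_sample("resume.pdf", VHDX_MAGIC + b"\0" * 56)))
```

Checking the signature rather than only the file name matters because a renamed disk image keeps its `vhdxfile` header.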

Why Should You Care

If you’re applying for jobs or working in recruitment, these attacks could put your personal information at risk. Imagine opening a job application email only to inadvertently download malware that steals your data. This is not just an IT issue; it’s a personal one. Your computer could be turned into a tool for hackers without you even knowing.

The fact that these attacks are evolving means that you need to stay vigilant. Just like you wouldn’t open a suspicious package on your doorstep, you should be cautious about unexpected emails, especially those that seem to come from job seekers. Always verify the sender before clicking any links or downloading attachments.

What's Being Done

JPCERT/CC is actively monitoring these attacks and has provided updates on the malware's behavior and capabilities. Here are some immediate actions you can take to protect yourself:

  • Be cautious with unsolicited emails, especially those with attachments.
  • Use antivirus software to scan attachments before opening them.
  • Keep your software updated to ensure you have the latest security patches.

Experts are watching for further developments, especially regarding how APT-C-60 might adapt their tactics in the future. Staying informed is key to staying safe in this evolving landscape of cyber threats.

🔒 Pro insight: APT-C-60's shift to direct attachments indicates a strategic pivot to bypass traditional email filters and increase infection rates.

Original article from JPCERT/CC
