The Vietnam Cybersecurity Emergency Response Center (VNCERT/CC), under the Authority of Information Security (Ministry of Information and Communications), recently alerted the public to a sophisticated cyberattack campaign primarily targeting professionals in the digital economy, particularly those using advertising platforms like Meta Ads.

According to VNCERT/CC, Cyble's Cyber Research and Intelligence Lab (CRIL) identified a complex attack campaign orchestrated by hacker groups, with digital marketing professionals as the main targets.

The attack begins by distributing phishing emails containing fake LNK files disguised as PDF documents related to work tasks.

When users open the fake files, a series of commands is triggered to download and execute malware from external storage sources such as Dropbox.

Additionally, the malware is encrypted in multiple layers and employs advanced evasion techniques to bypass security systems.

In the final stage of the attack, Quasar RAT malware is deployed, allowing attackers to take control of the infected system. This enables them to access and steal critical data, monitor victims' activities, and install additional malware.

To ensure system safety, VNCERT/CC recommends continuous monitoring and network traffic analysis to detect unknown connections. Users and administrators should also keep their systems and security software up to date with the latest patches.

Importantly, training and raising awareness about information security for employees remain crucial. “Organizations must ensure that their staff, particularly those working in digital marketing, are aware of phishing techniques and how to avoid harmful email attachments,” emphasized a VNCERT/CC expert.

Van Anh