How Malware-Embedded Malicious Invoices and Purchase Orders Exploit Organizations (Part II)
Oct 30, 2024
Welcome to Part II of the series, “Malicious Invoices and Purchase Orders: How Malware-Embedded Files Exploit Organizations”. Thank you for the love and insights you shared on the previous articles.
Let’s have a quick recap of the Modus Operandi (MO) that we observed in the previous article.
How Malicious Invoices and Purchase Orders Work
- Target Identification: Cybercriminals begin by identifying key individuals within organizations, especially those with high system privileges or roles in internal operations. This information can be sourced from official websites or from various database and lead brokers on the dark web.
- Initial Communication: The attacker approaches various industries — such as logistics, manufacturing, or healthcare — posing as a legitimate entity interested in business dealings.
The Attack Methods
For Part II, we are going to talk about the second method, which leverages malicious purchase orders (POs) and attacks via Scampage Invoices: