A new phishing campaign uses corrupted ZIP files and Microsoft Office documents to bypass antivirus software and email defenses, so that malicious files land directly in users' inboxes without detection. Cado Security Labs has identified a specific spearphishing campaign targeting tech executives through DocuSign emails. According to researchers from Trustwave, this campaign is linked to a phishing-as-a-service platform known as Rockstar 2FA, which is an updated version of the DadSec/Phoenix kit tracked by Microsoft as Storm-1575. Additionally, reports indicate that phishing campaigns exploiting Cloudflare domains more than doubled from 2023 to 2024.
Wolves in Sheep's Clothing: Industry-Specific Targeted Phishing Attacks https://t.co/s8O1h6ob73
Phishing campaigns leveraging @Cloudflare domains more than doubled between 2023 and 2024, @fortraofficial revealed in a report. #cybersecurity #infosec #ITsecurity https://t.co/Nff4JuYfkg
Phishing Frenzy: Cloudflare Domains Exploited in Latest Attacks https://t.co/CeYaYsJkIu