Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions: https://t.co/B0x8hrVST5 by The Hacker News #infosec #cybersecurity #technology #news
👀 “Strategic Opportunity” or Silent Backdoor? CFOs across Europe, Africa, & Asia are being hunted in a stealth phishing op impersonating Rothschild recruiters. Victims solve a CAPTCHA—then unknowingly install NetBird & OpenSSH, giving attackers remote access. It’s legit https://t.co/ef7PwKU4SL
A coordinated phishing campaign has been identified targeting financial executives, particularly chief financial officers (CFOs), across Europe, Africa, and Asia. The attackers impersonate recruiters from Rothschild, a prominent financial institution, to deceive victims into completing a CAPTCHA that leads to the installation of the legitimate remote access tools NetBird and OpenSSH. This tactic grants the attackers unauthorized remote access to the victims' systems. Additionally, a related phishing operation observed by GTIG targets European government organizations using signed .rdp attachments to initiate Remote Desktop Protocol connections, highlighting a broader trend of intrusions that leverage trusted software to bypass security defenses.