CyberWatch Weekly: Top 3 Cybersecurity News from June 2nd Week

Cyberattacks are evolving in strategy, scale, and sophistication, with recent incidents shedding light on alarming new trends. From fake job seekers tricking recruiters into launching malware, to major food distributors suffering operational disruptions, and entire national infrastructures quietly infiltrated over years, this week’s cybersecurity headlines shows no one is immune. These breaches expose the growing vulnerability of both corporations and countries that rely heavily on digital systems. With attackers exploiting human behavior, operational dependencies, and supply chain links, it’s clear the stakes are higher than ever. Here’s a closer look at this week’s top headlines.

Cybercriminals Impersonate Job Seekers to Target Recruiters with Malware

Cybercriminal group FIN6 has shifted its tactics by targeting job recruiters instead of applicants, using fake resumes to deliver malware. Disguised as genuine job seekers, the attackers contact recruiters on platforms like LinkedIn and Indeed with professional-sounding messages. They include non-clickable URLs to resumes hosted on Amazon Web Services, which bypass traditional email security tools. When manually entered, these links lead to fake portfolio websites that detect real users through residential IPs, browser behavior, and Captcha tests. Human users are then served a zip file containing a disguised shortcut (.lnk file), which triggers the more_eggs malware when clicked. This JavaScript-based backdoor runs entirely in memory and uses native Windows tools, like wscript.exe and regsvr32.exe, to evade detection, enabling data theft, remote access, and potential ransomware attacks.

To combat this threat, companies must train recruiters on phishing tactics, scrutinize unsolicited resumes, and deploy behavioral threat detection across endpoints and cloud services.

Source: GovInfoSecurity

Cyberattack Disrupts North America’s Largest Food Distributor, Affecting Whole Foods

United Natural Foods, North America’s largest wholesale food distributor and the key supplier for Amazon’s Whole Foods, has suffered a major cyberattack. The company disclosed unauthorized access to its IT systems in an SEC filing and has since taken parts of its infrastructure offline. Although not confirmed, the incident is suspected to be a ransomware attack, part of a growing trend targeting the retail sector. Such attacks exploit retailers’ dependence on uninterrupted operations and access to sensitive customer data. Experts warn that the retail industry’s cash flow-based model makes it especially vulnerable to operational disruptions. United Natural Foods is now working with law enforcement, forensic specialists, and supply partners to restore systems and reduce customer impact.

Industry leaders stress the urgent need for proactive cybersecurity strategies, including threat monitoring, incident response planning, and staff awareness training, to defend against increasingly bold ransomware actors and state-sponsored threats.

Source: IT Pro

South Korea’s Digital Infrastructure Under Attack by China-Linked ‘Stealth Hackers’

South Korea is increasingly targeted by sophisticated “quiet hacking” campaigns, stealthy cyberattacks focused on long-term control rather than immediate disruption. Unlike ransomware, these operations aim to infiltrate critical infrastructure silently for years, as seen in the recent SK Telecom breach that exposed data of 26 million users. A joint report by Korea’s NCSC and AhnLab revealed that Chinese-linked group TA-ShadowCricket has quietly controlled over 2,000 systems globally, including 457 in Korea. These attackers exploit Remote Desktop Protocols and weak server passwords to build botnets capable of launching future large-scale cyberattacks. Experts warn that Korea’s deep digital integration, from smart appliances to solar inverters, has paradoxically made it more vulnerable.

The threat extends to critical infrastructure, with China-made solar inverters found to contain undocumented communication components that could bypass firewalls. Authorities are urging stronger cybersecurity policies, system audits, and reduced reliance on foreign tech to mitigate risks and strengthen national cyberdefense.

Source: Korea JoongAng Daily

Conclusion

From deceptive job applications to stealthy nation-backed hacks, the latest cyber incidents underscore a critical reality, threat actors are adapting faster than defenses. Organizations must rethink their security posture, focusing on awareness, resilience, and proactive measures. As threats grow more subtle and systemic, alertness remains the most vital line of defense.

Stay vigilant and informed, tune in next week for more updates in InfosecTrain’s CyberWatch Weekly!