CyberSecurity news
@www.microsoft.com
Tax season 2025 has seen a surge in ransomware attacks leveraging the RansomHub platform and targeting various sectors. Threat actors are exploiting tax-related themes in highly targeted phishing campaigns that use malicious hyperlinks and attachments. These campaigns deliver multiple malware families, including BRc4, Latrodectus, and Remcos, and rely on phishing-as-a-service (PhaaS) kits such as RaccoonO365, QR codes, and redirection tactics like URL shorteners to evade detection and compromise systems.
These attacks often begin with convincing IRS-themed lures delivered via phishing emails that exploit trust in familiar services like DocuSign or Microsoft 365. Attackers use fake tax verification forms with embedded links, PDF attachments containing QR codes, and redirects hosted on compromised websites or abused cloud services like Firebase and Dropbox. This activity highlights the continued effectiveness of phishing techniques and the widespread use of ransomware-as-a-service (RaaS), emphasizing the need for enhanced security measures during tax season.
References:
- Source: Threat actors leverage tax season to deploy tax-themed phishing campaigns
- Vulnerable U: Tax Season Phishing 2025 - Full Threat Breakdown
- The Hacker News: Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware
- Cyber Security News: Cybercriminals Exploit URL Shorteners and QR Codes for Tax-Related Phishing Scams
Classification:
- HashTags: #Ransomware #Phishing #TaxSeason
- Company: Multiple
- Target: Multiple organizations
- Attacker: RansomHub affiliates
- Product: Multiple
- Feature: phishing emails, QR codes
- Malware: BRc4, Latrodectus, Remcos
- Type: Ransomware
- Severity: Medium