Intel Name: A flyby on the cfo’s inbox: spear-phishing campaign targeting financial executives with netbird deployment
Date of Scan: June 3, 2025
Impact: High
Summary: On May 15th, email security tools detected a sophisticated spear-phishing campaign targeting CFOs and finance executives at banks, energy firms, insurance companies, and investment groups across Europe, Africa, Canada, the Middle East, and South Asia. This multi-stage attack aimed to deliver NetBird, a legitimate WireGuard-based remote access tool, onto victims’ systems. In recent years, threat actors have increasingly adopted such remote-access tools to maintain persistence and deepen access within compromised networks.
