
29 Apr 2025
Your legitimate business communications are being hijacked.
Criminal group Hive0145 has evolved beyond fake invoices—they're now stealing actual invoice emails from compromised accounts and injecting them with malware. These aren't clumsy forgeries. They are the exact authentic communications your partners actually sent, complete with correct recipient names, branding, and legitimate business context.
The twist? When you open these seemingly familiar attachments, you are not just viewing an invoice; you are unleashing Strela Stealer malware that harvests your email credentials, creating an endless cycle of new compromises. Each breached account becomes ammunition for the next attack.
Implement strict multi-factor authentication for all email accounts this week. Train your finance team to verify invoice-related communications through a separate channel, even when they appear to come from trusted sources.
While most organizations are still watching for obvious phishing signs, these criminals are selling your compromised credentials to other threat actors who launch devastating follow-up attacks inside your network.
Need to verify if your organization's communications are already being weaponized against your customers and partners? Let's talk before your reputation takes the hit.