Fake Recruiters Use NetBird to Target CFOs Globally

A new spear-phishing campaign is targeting Chief Financial Officers and financial executives across six global regions, cybersecurity researchers have warned. The operation, which spans Europe, Africa, Canada, the Middle East, and South Asia, leverages fake recruiter emails to lure victims into downloading a legitimate remote access tool called NetBird.

The attackers appear to be executing a multi-stage phishing scheme, using social engineering to gain the trust of high-level finance professionals at banks, energy providers, insurance firms, and investment companies. Once the email recipients are engaged, the attackers introduce NetBird under the guise of a recruitment process, granting them remote access to the victims’ systems.

While NetBird itself is a legitimate software used for secure remote networking, its misuse in this context allows unauthorized access without triggering traditional security alerts. The campaign underscores the growing trend of blending authentic tools with malicious intent to bypass organizational defenses and target sensitive financial infrastructures.