By Microsoft Defender Security Research Team
Publication Date: 2026-03-03 21:11:00
In February 2026, Microsoft Defender Experts identified multiple phishing campaigns attributed to an unknown threat actor. The campaigns used workplace meeting lures, PDF attachments, and abuse of legitimate binaries to deliver signed malware.
Phishing emails directed users to download malicious executables masquerading as legitimate software. The files were digitally signed using an Extended Validation (EV) certificate issued to TrustConnect Software PTY LTD. Once executed, the applications installed remote monitoring and management (RMM) tools that enabled the attacker to establish persistent access on compromised systems.
These campaigns demonstrate how familiar branding and trusted digital signatures can be abused to bypass user suspicion and gain an initial foothold in enterprise environments.
Attack chain overview
Based on Defender telemetry, Microsoft Defender Experts conducted forensic analysis that identified a campaign centered on deceptive phishing emails…
