Cyberattacks

Cybercriminals Flip the Script: ZipLine Campaign Makes Victims Email First

Explore the "ZipLine" phishing scam where attackers use fake partnerships to deliver malicious files, targeting industries like biotech and pharma.

By Content Team

Aug 28, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

A new phishing campaign called "ZipLine" is turning traditional tactics upside down by making victims initiate contact first. Attackers submit fake partnership inquiries through company contact forms, then spend weeks building trust through professional emails before striking with malicious zip files containing the "MixShell" implant.

The scammers use abandoned domains from 2015-2019 with legitimate business histories to bypass security filters. Their fake websites all use identical templates featuring the same stock photo of White House butlers as company founders.

Industrial manufacturers are prime targets, though the campaign spans biotech, pharma, and semiconductor companies. Check Point Software warns this sophisticated approach requires extensive preparation but exploits human trust through legitimate business channels.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Trivy Supply Chain Attack Expands With New Compromised Docker Images

Mar 23, 2026

Ericsson Data Breach Exposes 15,000 People's Personal Information

Mar 10, 2026

FortiGate Firewalls Under Attack: Hackers Exploit Critical Vulnerabilities to Steal Corporate Credentials

Mar 15, 2026

Cyber Fraud Now Top CEO Fear, Overtaking Ransomware Threat

Jan 14, 2026