Help Wanted: Vietnamese Actors Using Fake Job Posting Campaigns to Deliver Malware and Steal Credentials
WHITE UNC6229 AlienVault 2025-10-23 Modified: 2025-10-24
10 IOCs (LOW VOLUME)
A group of financially motivated threat actors from Vietnam, tracked as UNC6229, is targeting individuals in the digital advertising and marketing sectors through fake job postings. They use social engineering tactics to deliver malware and phishing kits, aiming to compromise high-value corporate accounts and hijack digital advertising accounts. The attackers create fake company profiles on legitimate job platforms, luring applicants with attractive remote job openings. Once contact is established, they send malware attachments or phishing links, often abusing legitimate business and CRM platforms to appear credible. The campaign's success relies on victim-initiated contact and targets remote digital advertising workers with access to company ad accounts.
Indicators of Compromise (2 / 10 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-MD5 2306c3bc37df52bf26b722f6d5015bb2 2025-10-23
FileHash-MD5 6da534ee1f9346c4c313d7ea582d1bec 2025-10-23