IRS-Themed Phishing Granting Threat Actors Remote Access
ID: 53968fbc-9e30-5f28-bfd6-eedd2017a4c1
STIX ID: report--53968fbc-9e30-5f28-bfd6-eedd2017a4c1
Feed Name: CISecurity.org Insights Blog
CIS CTI describes an active IRS/SSA-themed phishing campaign that uses TryCloudflare domains to automatically download RemotePC installers, which give attackers full remote access to victim systems. The report includes observed URLs, sandbox confirmation, multiple related URLs, and IOCs, and urges SLTT organizations to increase vigilance and leverage MS-ISAC services for mitigations.
