Several businesses in Germany, Italy, and the United States targeted by new group of hackers.

This group attempt to infect business users with backdoor, banking Trojan, or ransomware malware in phishing campaign. These campaigns are not customized for each enterprise hence no direct BEC but obviously the threat actors appear to be more interested in IT services, manufacturing and healthcare industries judging that companies from these industries hold critical data and, most likely, afford ransom payouts.   

Threat actors are sending out impersonating finance-related emails with attached MS Word document with malicious macros. Once opened, maldoc executes a script to run PowerShell commands to download and install malicious payloads onto the victim’s system.

As soon as payload gets to the system, some of well-known ransomwares, trojans and backdoors will be installed. Ransom, such as Maze, will encrypt all of data files and save a ransom note in every directory. CyberQuay Next Generation CDR (NGCDR) prevents these and any of similar attacks from malicious campaigns by utilizing CyberQuay patent pending technologies.