Deploying Backdoors in Windows via Word Docs These malicious actors have been tricking victims into clicking through phishing emails that contain ransomware and even banking trojans- by sending email alerts that require immediate action, like emails from the German Federal Ministry of Finance, United States Postal Service, law enforcement and finance firms. But, what's happening behind the curtains is them deploying ransomware in your windows via a word document, that opens when you open the attachment.
Proofpoint researchers have been observing these impersonators from October 16 until November 12, 2019, their collected data gave a clear sight of the attacker's target, how they operate by sending spams to companies, IT units from Germany, Italy, and United States. “Researchers also Observed a consistent set of TTP (Tactics, Techniques, and Procedures) that allows attribution of these campaigns to a single actor with high confidence. These include the use of .icu domains, as well as identical email addresses for the Start of Authority (SOA) resource records stored for the DNS entries for the domains used in these campaigns”, Proof point ..
Support the originator by clicking the read the rest link below.