In the last 48 hours, our Security Operations Centre Support Team has identified a very large number of infection attempts – a combination of Emotet, Qakbot, and Cobalt Strike compromises. Their entire team has been working around the clock for 2 straight days identifying these infection attempts. At this time, none of our clients have been impacted as our security software has been doing its job. Our investigation has found that all infection attempts were initiated from:
- End-user opens spear-phishing email
- Spear-phishing email either has a url to download or an already attached zip file
- Inside the zip file is a .doc file that is macro based
- End-user enables the macro and infects their machine
We are making you aware that there is a heavy spear-phishing campaign happening right now and to be very cautious about what you are opening (emails, their attachments, and embedded links). If you are concerned about something suspicious that you may have already viewed or opened, please do not hesitate to reach out via the green IT icon in your system tray or via email at firstname.lastname@example.org.