The scam, which is not new, may have been a campaign by the cybercriminal group FIN7, also known as Carbanak and Navigator, which specializes in the theft of card data. The discovery was made by cybersecurity researchers at Anomali after analyzing six different documents.
According to the researchers, the backdoor used may be a variant of the group's own, which has been around since at least 2018. They suspect the campaign could have been up and running since the end of June this year. However, the surge of news about Windows 11, which comes out on October 5, is a warning sign.
The distribution, they explain, is based on phishing techniques. In the campaign text, the cybercriminals state that the downloaded document was “created on Windows 11 Alpha”. In order to view the content, the user must enable editing and content, which could trigger the malicious code.
In this case, the campaign targets users of other versions of Windows. If the code is activated, it should run the macro planted in the document. However, the researchers report that certain languages can cause the code to be disabled (Russian, Ukrainian, Moldovan, Sorbian, Slovak, Slovenian, Estonian, Serbian).