The scam, which is not new, may be a campaign by the cybercriminal group FIN7, also known as Carbanak and Navigator, which specializes in card data theft. The discovery, made by cybersecurity researchers at Anomali, came after they analyzed six different documents.
According to the researchers, the backdoor used may be a variation of the group's own, which has been in existence since at least 2018. They believe the campaign could have been active since the end of June this year. However, the surge in news about Windows 11, which will be released on October 5th, makes the warning necessary.
The campaign, they explain, spreads through phishing techniques. In the lure text, the cybercriminals claim that the downloaded document “was created on Windows 11 Alpha”. To view the content, the user would need to enable editing and content, which would allow the malicious code to be activated.
In this case, the campaign targets users of other versions of Windows. If the code is activated, it should trigger the macro planted in the document. The researchers report, however, that certain languages may cause the code to be disabled (Russian, Ukrainian, Moldovan, Sorbian, Slovak, Slovenian, Estonian, Serbian).