A spear phishing campaign that targets individuals involved in regulatory filings with the U.S. Securities and Exchange Commission ("SEC") was identified in late February 2017. The spear phishing emails have a spoofed sender of "EDGAR <email@example.com>" with an attachment named "Important_Changes_to_Form10_K.doc." The attachment contains a malware-infected VBS script that installs a PowerShell backdoor that can be used to steal sensitive information from the infected machine.
For more information, see https://www.fireeye.com/blog/threat-research/2017/03/fin7_spear_phishing.html
ACA Aponix Guidance
ACA Aponix recommends taking the following precautionary measures to prevent malware infections via spear phishing emails:
- Warn your staff about this attack and train them how to identify and prevent phishing and spear-phishing attacks;
- Do not open attachments included in unsolicited emails;
- Check links contained in emails by hovering over them before clicking; and
- Make sure antivirus and anti-spyware software is up-to-date.
If you have any questions, please contact your ACA Aponix consultant or email us at firstname.lastname@example.org.