A spear phishing campaign that targets individuals involved in regulatory filings with the U.S. Securities and Exchange Commission ("SEC") was identified in late February 2017. The spear phishing emails have a spoofed sender of "EDGAR <email@example.com>" with an attachment named "Important_Changes_to_Form10_K.doc." The attachment contains a malware-infected VBS script that installs a PowerShell backdoor that can be used to steal sensitive information from the infected machine.
- Charles Schwab Client Information Exposed in Data Breach
- Investment Firm Loses $495k in Spearphishing Attack
- FBI Reports Increased Ransomware Incidents
- How ACA Aponix Can Help