New Phishing Campaign Bypasses Microsoft ATP to Deliver Adwind to Utilities Industry (Aug 19, 2019)
A new phishing campaign has been identified by Cofense that delivers Adwind, a cross-platform malware program. Using an attachment, the campaign has been targeting national grid utilities infrastructure with an email informing the user that they need to sign and return a copy of the remittance advice. While the file appears to be a PDF, it is a JPEG file with an embedded hyperlink that leads the victim to the infection URL, from which the payload is downloaded. In an attempt to avoid detection, the malware disables analysis tools and antivirus software. The malware has the ability to access the webcam, capture audio, capture system data, harvest credentials, log keystrokes, and take screenshots.
Recommendation: Files that request content be enabled to properly view the document are often signs of a phishing attack. If such a file is sent to you by a known and trusted sender, that individual should be contacted to verify the authenticity of the attachment prior to opening. Any such file attachment sent by an unknown sender should be viewed with the utmost scrutiny, left unopened, and reported to the appropriate personnel.
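A mail-triage check for the lure described above, as an added example that is not Cofense's or Anomali's code: it flags attachments whose leading bytes disagree with the file name, and images in the HTML body that are wrapped in a hyperlink. The function names, the extension map, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading magic bytes for the file types relevant to this lure.
MAGIC = {"pdf": b"%PDF-", "jpeg": b"\xff\xd8\xff", "png": b"\x89PNG\r\n\x1a\n"}
EXT_TO_TYPE = {".pdf": "pdf", ".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png"}
# An <img> wrapped directly in an <a href>: the clickable-picture pattern.
LINKED_IMG = re.compile(r'<a\b[^>]*\bhref=["\']([^"\']+)["\'][^>]*>\s*<img\b', re.I)

def sniff(data):
    """Return the type whose magic bytes start the payload, else None."""
    return next((t for t, m in MAGIC.items() if data.startswith(m)), None)

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            # Compare what the name claims with what the bytes actually are.
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            claimed = EXT_TO_TYPE.get(ext)
            actual = sniff(part.get_payload(decode=True) or b"")
            if claimed and actual and claimed != actual:
                findings.append(("type_mismatch", name, claimed, actual))
        elif part.get_content_type() == "text/html":
            for url in LINKED_IMG.findall(part.get_content()):
                findings.append(("linked_image", url))
    return findings

def build_sample():
    """Constructed sample: JPEG bytes named .pdf, plus a linked image in HTML."""
    m = EmailMessage()
    m["Subject"] = "Remittance advice"
    m.set_content("Please sign and return.")
    m.add_alternative('<a href="https://payload.example/x"><img src="cid:1"></a>',
                      subtype="html")
    m.add_attachment(b"\xff\xd8\xff\xe0" + b"\x00" * 16, maintype="application",
                     subtype="pdf", filename="remittance.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

Linked images are common in legitimate mail, so the `linked_image` finding is best treated as a signal to combine with the type mismatch or an unfamiliar sender rather than as a verdict on its own.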
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.