FIN7 is an Eastern European threat group that targets organisations on a global scale, especially US organisations. According to researchers, this cybercrime group has been responsible for the theft of more than 15 million payment cards, which has likely cost organisations more than $1 billion in losses.
According to Anomali, while they could not “conclusively identify the attack vector for this activity,” their analysis strongly suggests the attack vector was an email phishing or spearphishing campaign.
The campaign targets people who lack knowledge of Microsoft’s upcoming operating system. It reportedly uses a Word document, which is themed after Windows 11 Alpha, and asks users to perform steps to open it.
If a user doesn’t suspect anything fishy and performs the steps, this activates code that allows the threat actors to steal people’s financial information.
The Anomali security researchers reported that the document shows an image themed on Windows 11 Alpha, which asks users to click “Enable Editing” and “Enable Content” to begin the next stage of activity. Users are asked to do this to make the document compatible with the operating system they are currently using.
The security researchers have also given a breakdown of its technical components. It should be noted that Windows 11 will release on October 5 and is currently available for Windows Insider Program members, developers, and beta testers.