U.S. Finance Sector Hit with Targeted Backdoor Campaign
The United States’s financial sector experienced an increase in cyberattacks last month, the majority of which delivered a powerful backdoor named Minebridge. Minebridge gives cyberattackers advantage over a victim’s machine, allowing them to have full access to all functions. The attack chain employed in the US financial services sector included a known method named VBS stomping that allows attackers to avoid detection.
According to security researchers at FireEye, the campaigns aimed to secure the ability to enable further malware infections and espionage efforts. The campaigns were initiated through phishing emails containing documents that held malicious macros. The emails originated from fake domains that had a sophisticated design. The first campaign was spotted on January 7, and another one similar was created on January 28.