TLP AMBER ANNOUNCEMENT:
A new wave of financially motivated, APT-style group, of cyber threat actors are targeting large restaurant chains with phishing emails containing malicious attachments. As early as April 2017, a new wave of the group's activity has been targeting the retail and hospitality sectors. The APT-style group has been active since 2015 and is known for their use of the Carbanak malware. The most recent campaigns leverage two new RTF droppers to deliver a variant of a known backdoor. Early campaigns were known for targeting financial institutions and banks; in 2015, targeting European banks through a banking application called the Internet Front End Banking System (iFOBS). This report describes TTPs leveraged in the recent campaigns. To Read the Full Report find out more about Red Sky Alliance Portal Intelligence, click here.