Phishing emails advise the victim that a trial subscription has expired and that they will be automatically charged a monthly fee unless they call a number to cancel the trial.

"When recipients call the number, a fraudulent call center operated by the attacker instructs them to visit a website and download an Excel file in order to cancel the service. The Excel file contains a malicious macro that downloads the payload," Microsoft Security Intelligence explains.
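The lure described above has a recognisable shape: an expired trial, an imminent recurring charge, and a phone number the recipient is told to call, usually with no link at all because the attacker wants the victim on the phone rather than on a web page. As an added defensive example (not code from the article or from Microsoft), the following Python heuristic scores an e-mail body on exactly those traits so a mail-filtering or triage pipeline can flag callback-phishing messages for review. The regular expressions, point weights, threshold and both sample messages are constructed for illustration and would need tuning against real mail flow.

```python
"""Heuristic scorer for callback-phishing lures (added example, not from the article).

Scores an e-mail body on the ingredients of the lure described in the text:
an expired trial/subscription, an automatic recurring charge, and an
instruction to call a phone number to cancel. Patterns, weights, the
threshold and the sample messages below are constructed for illustration.
"""
import re
from dataclasses import dataclass, field

# "trial" or "subscription" followed somewhere by an expiry/ending verb.
TRIAL_EXPIRY = re.compile(
    r"\b(?:trial|subscription)\b.*?\b(?:expir(?:ed|es|ing)|end(?:ed|s))\b", re.I | re.S)
# "automatically charged/billed/renewed", or "charge(d)" near a monthly amount.
AUTO_CHARGE = re.compile(
    r"\b(?:automatically|auto)[- ]?(?:charged|billed|renew\w*)\b"
    r"|\bcharged?\b.*?(?:\bmonthly\b|\bper month\b|\$\s?\d)", re.I | re.S)
# "call ... cancel" or "cancel ... call" within one sentence (no '.' in between).
CALL_TO_CANCEL = re.compile(
    r"\b(?:call|dial|phone)\b[^.]{0,80}?\bcancel"
    r"|\bcancel\w*\b[^.]{0,80}?\b(?:call|dial|phone)\b", re.I)
# North-American style numbers such as (800) 555-0199 or 800-555-0199.
PHONE = re.compile(r"\(?\b\d{3}\)?[-.\s]\d{3}[-.\s]\d{4}\b")
URL = re.compile(r"https?://", re.I)

SUSPICIOUS_THRESHOLD = 4  # constructed; tune against real mail flow


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)
    phone_numbers: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.score >= SUSPICIOUS_THRESHOLD


def score_email(body: str) -> Verdict:
    """Return a Verdict describing which lure traits the body exhibits."""
    v = Verdict()

    def hit(points: int, reason: str) -> None:
        v.score += points
        v.reasons.append(reason)

    if TRIAL_EXPIRY.search(body):
        hit(1, "trial/subscription expiry")
    if AUTO_CHARGE.search(body):
        hit(1, "automatic recurring charge")
    if CALL_TO_CANCEL.search(body):
        hit(2, "told to call to cancel")  # the defining trait of a callback lure
    v.phone_numbers = PHONE.findall(body)
    if v.phone_numbers:
        hit(1, "phone number present")
        if not URL.search(body):
            # Callback lures push the victim to the phone channel and often carry no link.
            hit(1, "phone number but no link")
    return v


# Constructed sample messages (not real campaign text).
LURE = ("Your free trial of MediaStream Premium has expired. You will be automatically "
        "charged $49.99 monthly unless you cancel. To cancel, call our support desk at "
        "(800) 555-0199 within 24 hours.")
BENIGN = ("Your subscription renews on 1 June for $9.99. Manage or cancel anytime at "
          "https://billing.example.com/account, or call us at (800) 555-0100 with questions.")

if __name__ == "__main__":
    for label, body in (("lure", LURE), ("benign", BENIGN)):
        verdict = score_email(body)
        print(f"{label}: score={verdict.score} suspicious={verdict.suspicious} "
              f"reasons={verdict.reasons} numbers={verdict.phone_numbers}")
```

The benign renewal notice still earns a point for carrying a phone number, which is why the decision rests on the combined score rather than on any single trait; the lure scores on every trait, including the absence of a link, and crosses the threshold. Extracted phone numbers are returned separately so they can be fed to a block list or correlated across mailboxes.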

Microsoft's security team has also observed the group using the Cobalt Strike penetration-testing kit to steal credentials, including the Active Directory (AD) database. Cobalt Strike is frequently used for lateral movement across a network after an initial compromise. Theft of the AD database is a big deal for an enterprise, since that database holds the organization's identity and credential information.

