Cisco’s Talos Intelligence Group has identified a targeted cyber-attack focusing on specific organizations. The malware began with a targeted spear phishing email to initiate the malware and infected U.S. state government servers to further develop the malware infection chain. The spear phishing emails appear as if they were sent by the SEC Electronic Data Gathering, Analysis and Retrieval (“EDGAR”) system and contained a malicious attachment that would initiate advanced infection process when opened. The use of a complex multi-stage infection process indicates that the source of the attack is highly sophisticated and continuing to operate.
Advisers should alert their employees to be extremely careful when opening emails and attachments that appear unusual. Advisers that are concerned about having received a spoofed email should contact their IT provider without forwarding the email.