A ransomware campaign, dubbed Hakbit, is targeting mid-level employees across Austria, Switzerland and Germany with malicious Excel attachments delivered via the popular email provider GMX.
The spear-phishing-based campaign is low volume and has so far targeted the pharmaceutical, legal, financial, business service, retail, and healthcare sectors. Low-volume campaigns of this kind, sometimes called snowshoe spam attacks, use multiple domains to send relatively small blasts of bogus emails to circumvent reputation- or volume-based spam filtering.
“The largest volume of messages we observed were sent to the information technology, manufacturing, insurance, and technology verticals,” wrote Proofpoint researchers in a Monday analysis. They observed, “the majority of roles targeted in the Hakbit campaigns are customer-facing with individuals’ business contact information revealed publicly on company websites, and/or advertisements. These roles include attorneys, client advisors, directors, insurance advisors, managing directors and project managers.”