silversurfer

Level 54
Verified
Trusted
Content Creator
Malware Hunter
BSI, the German national cybersecurity authority, has issued a warning regarding a malspam campaign that distributes the Sodinokibi ransomware via emails designed to look like official BSI messages.

The mails are sent from the meldung @bsi-bund.org email address and, according to the BSI, the individuals targeted by this attack should not "open mails, links and attachments from this sender!" The official BSI email domain is bsi.bund.de according to CERT-Bund.

By using "Warnmeldung kompromittierter Benutzerdaten" as the subject line — which translates to "Warning message of compromised user data" — the attackers are trying to trick their targets into reacting to the bait out of curiosity and to open the infected attachments without giving it a second thought.

BleepingComputer independently tested and confirmed that the ZIP attachment delivered by this campaign will infect the targets after launching the Windows shortcut camouflaged as a PDF document within the archive.
Read more below:
 
Last edited: