- The administrative assistant to a vice president at a French-based multinational company received an email referencing an invoice hosted on a popular file-sharing service.
- The same administrative assistant received a phone call from another vice president within the company, instructing her to examine and process the invoice.
- The vice president spoke with authority and used perfect French. However, the invoice was a fake and the vice president who called her was an attacker.

The remote access Trojan (RAT) contacted a command-and-control (C&C) server located in Ukraine, which allowed the attacker to take control of the administrative assistant’s infected computer and log keystrokes, view the desktop, and exfiltrate files.