Cybercriminals Behind Operation Francophoned Start Using New Payload
Location of operation Francophoned targets
In August 2013, Symantec revealed the existence of a cybercriminal operation targeting European organizations, particularly ones in France. Over the past months, the attackers behind the campaign, dubbed Operation Francophoned, have made some changes.
Operation Francophoned attacks rely on a combination of social engineering and spear phishing emails. First, the attackers send a spear phishing email apparently containing an invoice to an employee of the targeted multinational company.
Then, they call the recipient and tell him/her to process the invoice. The so-called invoice is actually a piece of malware that gives the attackers access to the organization’s systems.