Phishing: Dangerous invoices from law firms
The Threat Fusion Center (TFC), a division of BlueVoyant, has uncovered the “NaurLegal” phishing campaign with fake invoices from law firms. The attackers rely on PDF documents, OneNote or Excel files that are infected with malware. The attackers pose as law firms and abuse the trust that their victims place in legal service providers. The campaign is called “NaurLegal” and the attacks are believed to have been orchestrated by cybercrime group Narwhal Spider (also known as Storm-0302, TA544). The attackers disguise malicious PDF files as authentic-looking invoices from reputable law firms - a tactic...