their attack emails with a technique that's designed to convince the recipient the notice is legitimate. Andrew Brandt, director of threat research at Symantec, elaborates on this point in a blog post: "The key detail of each message was the fact that the recipient’s full name, mailing address, and telephone number were embedded in the middle of the message." Brandt doesn't elaborate on how the attackers obtain users' personal information. Technically, bad actors can use Google and other tools to easily find these details. Seeing your personal information is enough to sway most users, so much so that a recipient would probably open the double-zipped attachment and thereby expose themselves to Nymaim.B. For its command and control (C&C) server, this banking trojan uses afegesinge[dot]com. At one point in time, 13 other malware executables communicated with it. Back in April 2016, for instance, BBC News reporter Shari Vahl and ZDNet journalist Zack Whittaker separately spotted malicious emails in their inboxes that said they owed money to a collection agency, and included their real-life address information to make the messages appear more convincing. Unlike the German campaign, however, the UK attack sought to trick users into clicking on links that led them to Maktub ransomware. No matter how convincing an email seems to be, it always pays to double check these kinds of claims by calling the company purportedly making the claim to confirm the message’s authenticity (or to prove that it is false)." Aside from confirming with the alleged sender, users should maintain an up-to-date security solution on their computers, implement software updates as soon as they become available, and delete any suspicious emails.
The shadowy hacker consortium known as Callisto Group targeted the UK's Foreign Office over several months in 2016. According to research firm F-Secure, Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks and journalists, especially in Europe and the South Caucasus. Their primary interest appears to be gathering intelligence related to foreign and security policy in the Eastern Europe and South Caucasus regions, and this, combined with infrastructure footprint links to known state actors, suggests a nation-state benefactor, the firm said. In October 2015 the Callisto Group targeted a handful of individuals with phishing emails that attempted to obtain the target’s webmail credentials. Then, in early 2016, the Callisto Group began sending highly targeted spear phishing emails with malicious attachments that contained, as their final payload, the “Scout” malware tool from the HackingTeam RCS Galileo platform. Scout was, ironically, originally developed for law enforcement. “These spear-phishing emails were crafted to appear highly convincing, including being sent from legitimate email accounts suspected to have been previously compromised by the Callisto Group via credential phishing,” F-Secure noted in a paper, adding that the group is continuing to set up new phishing infrastructure every week. One of the targets for Callisto in 2016 was the Foreign Office, according to BBC sources. The outlet reports that the government is investigating an attack that began in April last year. A source told the BBC that the compromised server didn’t contain the most sensitive information, fortunately.
In a statement, the UK's National Cyber Security Centre (NCSC) declined attribution or comment and merely said: “The first duty of government is to safeguard the nation and as the technical authority on cybersecurity, the NCSC is delivering ground breaking innovations to make the UK the toughest online target in the world. The government's Active Cyber Defence programme is developing services to block, prevent and neutralise attacks before they reach inboxes.” F-Secure also said that evidence suggests the Callisto Group may have a nation-state sponsor, and that it uses infrastructure tied to China, Russia and Ukraine. It told the BBC that Callisto Group's hacking efforts show similarities in tactics, techniques, procedures and targets to the Russia-linked group known as APT28, though the two appear to be different entities. However, Callisto Group is also associated with infrastructure used for the sale of controlled substances, which “hints at the involvement of a criminal element,” F-Secure said. Going a bit further, a different source told the BBC that two of the phishing domains used in the UK attack “were once linked to an IP address mentioned in a US government report into Grizzly Steppe.” Grizzly Steppe is the code-name for Russian meddling in the US elections.