against Polish financial institutions through the booby-trapped site of the Polish Financial Supervision Authority are just one piece of a larger puzzle, elements of which are slowly coming to light. As the indicators of compromise and attack were shared by the affected banks, other institutions around the world found that they had been hit as well. The sites were booby-trapped with code that would trigger the download of malicious JavaScript files from other compromised domains (sap.misapor[. The domains hosted an exploit kit, which leveraged Silverlight and Flash exploits to deliver malware. According to the researchers' findings, the site of the Polish Financial Supervision Authority had been booby-trapped since at least the beginning of October 2016, but not all visitors were hit. The IPs only contained the first 3 octets, and would have been used to filter traffic such that only IPs on that subnet would be delivered the exploit and payload. "The IP addresses corresponded to a mix of public and private financial institutions spread across the globe," BAE Systems researchers shared. The majority of these institutions are banks in Poland, the US, Mexico, UK, and Chile.
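
Because the filter entries were three-octet prefixes, each one covers a whole /24, so a defender checking shared indicators has to compare ranges, not single addresses. The following is an added example, not code from the article or from BAE Systems; the function names are hypothetical and every prefix and range in it is constructed from documentation address space.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation ranges), not real indicators.
SAMPLE_PREFIXES = ["198.51.100", "203.0.113", "192.0.2.", "300.1.2", "not-an-ip"]
OWN_RANGES = ["198.51.100.64/26", "203.0.112.0/23", "10.20.0.0/16", "192.0.2.10"]


def parse_prefix(entry):
    """Turn a three-octet string such as '198.51.100' into its /24 network."""
    parts = entry.strip().rstrip(".").split(".")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a three-octet prefix: {entry!r}")
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range: {entry!r}")
    return ipaddress.ip_network(".".join(map(str, octets)) + ".0/24")


def targeted_ranges(prefix_entries, own_ranges):
    """Return ([(own_range, matching_/24), ...], [entries that failed to parse])."""
    nets, rejected = [], []
    for entry in prefix_entries:
        try:
            nets.append(parse_prefix(entry))
        except ValueError:
            rejected.append(entry)  # keep for manual review, do not drop silently
    hits = []
    for rng in own_ranges:
        own = ipaddress.ip_network(rng, strict=False)  # bare IP becomes a /32
        for net in nets:
            # overlaps() catches both "our /26 sits inside the /24"
            # and "our /23 contains the /24".
            if own.version == 4 and own.overlaps(net):
                hits.append((str(own), str(net)))
    return hits, rejected


if __name__ == "__main__":
    hits, rejected = targeted_ranges(SAMPLE_PREFIXES, OWN_RANGES)
    for own, net in hits:
        print(f"{own} falls under listed prefix {net}")
    print("unparsed entries:", rejected)
```

A hit means visitors from that range would have passed the filter, so proxy and DNS logs for those egress addresses are where to look first.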