During the last hours from Iberlayer we are detecting a new very aggressive campaign of mass mailings that claim to come from the Argentine Ministry of Security.

These emails include malicious files in OLE format (mainly under the name note_management_adm.doc) and links to infected servers. Both attack vectors point to a Ransomware-type virus.

Our Email Guardian service has detected the campaign from its very beginning thanks to our AMBAR technology based on generation algorithm detection. 90% of shipments are made from domains with well-configured SPF (in hard fail mode) and in many cases they even include correct DKIM signatures, which suggests a massive and automated use of hijacked accounts, probably through a Phishing attack prior to those domains.