In August 2013, Symantec revealed the existence of a cybercriminal operation targeting European organizations, particularly ones in France. Over the past months, the attackers behind the campaign, dubbed Operation Francophoned, have made some changes.
Operation Francophoned attacks rely on a combination of social engineering and spear phishing emails. First, the attackers send a spear phishing email apparently containing an invoice to an employee of the targeted multinational company.
Then,…