PULSE NAME: Similarities Between Carbanak and FIN7 Malware Suggest Actors Are Closely Related
TLP: WHITE | Tag: Anunak | Author: AlienVault | Created: 2017-04-28 | Modified: 2017-07-24
20 IOCs (medium volume)
Several days ago, researchers at FireEye attributed a recent phishing campaign to FIN7, a campaign in which cybercriminals delivered malicious Microsoft Office documents to users, deploying both Cobalt Strike and a VBS-based backdoor on infected workstations. This report contained a sentence of particular interest to Cyber4Sight: “FIN7 is referred to by many vendors as ‘Carbanak Group,’ although we do not equate all usage of the Carbanak backdoor with FIN7.” In their previous report on this threat actor group, FireEye stopped short of making this direct connection, stating instead that “The use of the CARBANAK malware in FIN7 operations also provides limited evidence that these campaigns are linked to previously observed CARBANAK operations leading to fraudulent banking transactions, ATM compromise, and other monetization schemes.”
Indicators of Compromise (20)
TYPE | INDICATOR | CREATED (no description was attached to any indicator)
URL http://198.100.119.7:443/cd 2017-04-28
URL http://198.100.119.7:80/cd 2017-04-28
URL http://198.100.119.7:8080/cd 2017-04-28
URL http://204.155.31.167:443/cd 2017-04-28
URL http://204.155.31.167:80/cd 2017-04-28
URL http://204.155.31.167:8080/cd 2017-04-28
URL http://204.155.31.174:443/cd 2017-04-28
URL http://204.155.31.174:80/cd 2017-04-28
URL http://204.155.31.174:8080/cd 2017-04-28
URL http://31.148.219.141:443/cd 2017-04-28
URL http://31.148.219.141:80/cd 2017-04-28
URL http://31.148.219.141:8080/cd 2017-04-28
IPv4 198.100.119.6 2017-04-28
IPv4 198.100.119.7 2017-04-28
IPv4 204.155.31.167 2017-04-28
IPv4 204.155.31.174 2017-04-28
IPv4 31.148.219.141 2017-04-28
YARA f4498958e90780e3b4d1bc1582022ddab92477b6 2017-07-24
YARA 907fcd2eb041563d29662c37e181a023c147e96f 2017-07-24
YARA 5bfaee4b7379bcf4d9228af708490b82db851a28 2017-07-24
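The URL indicators above are the same path, /cd, on ports 80, 443 and 8080 of four hosts, plus a fifth IP (198.100.119.6) that appears only as a bare address. When you check proxy logs against this list, two details matter: an entry written as http://host:443/cd will usually show up in a proxy as a CONNECT tunnel where the path is not visible, so you need an IP-level fallback, and a hit on a pulse IP with a different port or path is still worth triage. The script below is an added example, not part of the pulse or of AlienVault's tooling; it embeds the indicators from the table, normalises each URL to (host, port, path), and scans constructed Squid-style access.log lines (the sample lines are made up for illustration and are not from the pulse).

```python
"""Match the pulse's URL and IPv4 indicators against Squid-style proxy log lines.

Added example; the IOC lists are copied from the pulse table, the log lines are constructed.
"""
import ipaddress
from urllib.parse import urlsplit

# Indicators copied from the pulse table (created 2017-04-28).
IOC_URLS = [
    "http://198.100.119.7:443/cd", "http://198.100.119.7:80/cd", "http://198.100.119.7:8080/cd",
    "http://204.155.31.167:443/cd", "http://204.155.31.167:80/cd", "http://204.155.31.167:8080/cd",
    "http://204.155.31.174:443/cd", "http://204.155.31.174:80/cd", "http://204.155.31.174:8080/cd",
    "http://31.148.219.141:443/cd", "http://31.148.219.141:80/cd", "http://31.148.219.141:8080/cd",
]
IOC_IPS = ["198.100.119.6", "198.100.119.7", "204.155.31.167", "204.155.31.174", "31.148.219.141"]


def url_key(url: str):
    """Normalise a URL to (host, port, path) so default ports and scheme spelling do not matter."""
    p = urlsplit(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return (p.hostname, port, p.path or "/")


URL_KEYS = {url_key(u) for u in IOC_URLS}
IP_SET = {ipaddress.ip_address(i) for i in IOC_IPS}


def host_ip(host):
    """Return an ip_address for a literal IP host, or None for a DNS name."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def classify(method: str, target: str):
    """Return a reason string if (method, target) matches the pulse, else None.

    CONNECT targets are 'host:port' tunnels: the path is not visible, so only the
    IP list can match. Other methods carry a full URL and are checked exactly first.
    """
    if method == "CONNECT":
        host, _, port = target.rpartition(":")
        ip = host_ip(host)
        if ip in IP_SET:
            return f"ip {ip} (pulse IP; CONNECT to :{port}, path not visible)"
        return None
    key = url_key(target)
    if key in URL_KEYS:
        return f"url {key[0]}:{key[1]}{key[2]} (exact pulse URL)"
    ip = host_ip(key[0])
    if ip in IP_SET:
        return f"ip {ip} (pulse IP, different port/path)"
    return None


def parse_squid_line(line: str):
    """Squid native access.log: ts elapsed client status/code bytes method url ident hier/peer type."""
    f = line.split()
    if len(f) < 7:
        return None
    return {"ts": f[0], "client": f[2], "method": f[5], "target": f[6]}


def scan(log_text: str):
    """Return (client, method, target, reason) for every log line that matches the pulse."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_squid_line(line)
        if not rec:
            continue
        reason = classify(rec["method"], rec["target"])
        if reason:
            hits.append((rec["client"], rec["method"], rec["target"], reason))
    return hits


# Constructed sample log lines (hypothetical; clients and timestamps are made up).
SAMPLE_LOG = """\
1493376000.101    150 10.0.0.5 TCP_MISS/200 512 GET http://198.100.119.7:8080/cd - HIER_DIRECT/198.100.119.7 application/octet-stream
1493376001.204    300 10.0.0.5 TCP_TUNNEL/200 4096 CONNECT 204.155.31.167:443 - HIER_DIRECT/204.155.31.167 -
1493376002.330     40 10.0.0.9 TCP_MISS/404 310 GET http://198.100.119.6/index.html - HIER_DIRECT/198.100.119.6 text/html
1493376003.412     20 10.0.0.9 TCP_HIT/200 1200 GET http://example.com/cd - HIER_NONE/- text/html
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Against the sample lines the first three requests match (an exact pulse URL, a CONNECT to a pulse IP on 443, and a pulse IP on a non-listed path) while the unrelated example.com/cd request does not; the /cd path alone is deliberately not treated as an indicator.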