PULSE NAME: Cobalt Group Gaffe Reveals All Targets in Attack on Financial Institutions
WHITE AlienVault 2017-11-29 Modified: 2017-11-29
3 IOCs, LOW VOLUME
In a recent spear-phishing campaign, the Cobalt Hacking Group used a remote code execution vulnerability in Microsoft Office software to connect to its command and control server via Cobalt Strike. However, they gave up much more information than they intended. On Tuesday, November 21, a massive spear-phishing campaign began targeting individual employees at various financial institutions, mostly in Russia and Turkey. Purporting to provide info on changes to ‘SWIFT’ terms, the email contained a single attachment with no text in the body.
Indicators of Compromise (3)
TYPE          INDICATOR                          DESCRIPTION   CREATED
FileHash-MD5  d46df9eacfe7ff75e098942e541d0f18                 2017-11-29
FileHash-MD5  f360d41a0b42b129f7f0c29f98381416                 2017-11-29
CVE           CVE-2017-11882                                   2017-11-29