The infamous Cobalt hacking group, responsible for hundreds of millions of dollars of damages to financial institutions, appears to be embarking on a new campaign.
According to researchers at security firm Netscout, the crooks have already targeted Russia's NS Bank and Romania's Patria Bank with their latest scam.
The group sent spear phishing messages that appeared to be from other banks or vendors but in fact contained malicious URLs.
One of the emails contained two links, one contained obfuscated VBA scripts while the other was a binary with a jpg extension.
The researchers say that using separate infection points in one email is unusual but speculate that it could increase the odds of success.
Netscout says that it expects the Cobalt Group to continue targeting FS firms in Eastern Europe and Russia, advising banks to train staffers on spotting phishing emails.
Cobalt has been linked with a host of ATM jackpotting hacks as well as recent attacks on the Swift network.
Earlier this year, the man thought to be the group's mastermind was arrested in Spain, accused of being behind an operation that struck banks in more than 40 countries resulting in cumulative losses of over EUR1 billion.