The FBI has learned of a #cyber criminal group that self-identifies as the "OnePercent Group" and has used Cobalt Strike to perpetrate #ransomware attacks against #US companies since November 2020.
OnePercent Group actors compromise victims through a phishing email whose attachment the user opens on a Microsoft #Windows operating system. The attachment's macros infect the system with the IcedID #banking #trojan. IcedID downloads additional software, including Cobalt Strike. Cobalt Strike moves laterally in the network, primarily with #Microsoft PowerShell remoting.
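Added example, not part of the FBI notice: a triage pass over process-creation events for the two stages named above, an Office application launching a script host or loader (macro execution) and processes started under wsmprovhost.exe, the Windows host process for inbound PowerShell remoting sessions. The event fields follow Sysmon Event ID 1 naming; the Office and child-process lists, the fan-out threshold, and the sample hosts and accounts are assumptions constructed for illustration.

```python
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}  # assumed macro hosts
SUSPECT_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                    "mshta.exe", "rundll32.exe", "regsvr32.exe"}  # assumed list
REMOTING_HOST = "wsmprovhost.exe"  # hosts inbound PowerShell remoting sessions

def classify(event):
    """Return a finding label for one process-creation event, or None."""
    parent = basename(event["ParentImage"]).lower()
    child = basename(event["Image"]).lower()
    if parent in OFFICE and child in SUSPECT_CHILDREN:
        return "office_spawned_interpreter"
    if parent == REMOTING_HOST:
        return "process_in_remoting_session"
    return None

def triage(events, fanout_threshold=2):
    """Label events, then flag users whose remoting sessions reach many hosts."""
    findings, hosts_by_user = [], defaultdict(set)
    for ev in events:
        label = classify(ev)
        if label is None:
            continue
        findings.append((ev["Computer"], ev["User"], label))
        if label == "process_in_remoting_session":
            hosts_by_user[ev["User"]].add(ev["Computer"])
    # Remoting is also normal admin activity; fan-out is a prioritisation signal.
    fanout = {u: sorted(h) for u, h in hosts_by_user.items()
              if len(h) >= fanout_threshold}
    return findings, fanout

# Constructed sample events (not taken from the FBI notice or a real incident).
SAMPLE = [
    {"Computer": "WS-014", "User": "CORP\\jdoe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\rundll32.exe"},
    {"Computer": "WS-014", "User": "CORP\\jdoe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe"},
    {"Computer": "FS-01", "User": "CORP\\svc_backup",
     "ParentImage": r"C:\Windows\System32\wsmprovhost.exe",
     "Image": r"C:\Windows\System32\whoami.exe"},
    {"Computer": "DC-02", "User": "CORP\\svc_backup",
     "ParentImage": r"C:\Windows\System32\wsmprovhost.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Tune the fan-out threshold against accounts that legitimately administer many hosts over remoting.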