Talos has observed a cyber attack which was launched using the official website of Ukraine-based accounting software developer Crystal Finance Millennium (CFM) CFM’s website was being used to distribute malware that was retrieved by malware downloaders attached to messages associated with a concurrent spam campaign. The attack occurred in August 2017, during the time frame associated with the observance of the Independence Day holiday in Ukraine. This blog provides additional information related to the geographic regions that were targeted by this attack as well as the size and scope of of systems that were successfully compromised.”]
Source: https://blog.talosintelligence.com/2018/01/cfm-zeus-variant.html