Blog | G5 Cyber Security

A new MuddyWater Campaign spreads PowerShell-based PRB-Backdoor

Trend Micro spotted a new attack relying on weaponized Word documents and PowerShell scripts that appears related to the MuddyWater cyber-espionage campaign. The attackers used weaponized documents, typically with geopolitical themes, such as documents purporting to be from the National Assembly of Pakistan or the Institute for Development and Research in Banking Technology. The attacks have been mistakenly associated with the FIN7 group: when Palo Alto discovered the first campaign, it reported that a C&C server delivering the FIN7-linked DNSMessenger tool was involved in MuddyWater attacks as well.

Source: https://securityaffairs.co/wordpress/73563/hacking/muddywater-campaign-powershell-backdoor.html
