A new phishing campaign is targeting Cyprus sending a well crafted email to trick users to download malicious files, masquerading as a sender from the University of Cyprus. If you have received the following e-mail (written in Greek), please do not open the attachments because they are malicious.
If the attached files have been opened, please disconnect the computer from the network (to prevent any unauthorized communications) and inform your system administrator about it immediately.
After analyzing the Internet headers of the email, as shown below, the message came from IP address 18.104.22.168 which is located in Russia.
Administrators can take the necessary actions to block the reported IP address and Hashes of the malicious files from the perimeter of their network.
Malicious files report / IoCs: HERE