Hi imfocused,
Be sure that you have a mail security product scanning inbound mails for malicious attachments. The payload of the malicious macros is often Cridex/Dridex.
Please do update this thread with any additional questions or mark it solved if you have received your answer!
With thanks and best regards,
Mick