The Inception attackers have been active since at least 2014 and have been documented previously by both Blue Coatand Symantec; historical attacks used custom malware for a variety of platforms, targeting a range of industries,  primarily in Russia, but also around the world. This blog describes attacks against European targets observed in October 2018, using CVE-2017-11882 and a new PowerShell backdoor we’re calling POWERSHOWER due to the attention to detail in terms of cleaning up after itself, along with the malware being written in PowerShell.

https://researchcenter.paloaltonetworks.com/2018/11/unit42-inception-attackers-target-europe-year-old-office-vulnerability/