On 16 November, researchers at the Yoroi-Cybaze ZLab gained access to a dangerous new APT29 malware used in the recent attacks against many important US entities, such as military agencies, law enforcement, defense contractors, media companies and pharmaceutical companies. The Russian group spread the malware through spear-phishing attacks impersonating a State Department official. The email messages carried a zip archive containing a simple but effective link file (.lnk).

https://blog.yoroi.company/research/new-cozy-bear-campaign-old-habits/