APT40 targeting Malaysia government officials
released on 2020-02-07 @ 07:30:26 PM
MyCERT observed an increase in the number of artifacts and victims involving a campaign against Malaysian Government officials by a specific threat group. The group's motives are believed to be data theft and exfiltration.
Reconnaissance: The group has leveraged previously compromised email addresses, or impersonated email addresses, to send spear-phishing emails.
Delivery: Spear-phishing emails carrying malicious attachments, although delivery via Google Drive has also been observed. The sender pretends to be a journalist, an individual from a trade publication, or someone from a relevant military organization or non-governmental organization (NGO).
Weaponization: A Microsoft Office document with a macro that, once enabled, extracts a malicious executable which in turn downloads the loader.
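The weaponization stage above relies on a macro-enabled Office document reaching the recipient. The following added example (not from the MyCERT advisory) shows a cheap, offline triage check a mail gateway or incident responder can run on OOXML attachments: it flags any document that carries an embedded VBA project, using constructed sample documents rather than real campaign artifacts; the helper names and sample file names are assumptions.

```python
import io
import zipfile

# Defensive triage for the "macro-enabled Office document" delivery stage.
# OOXML attachments (.docx/.docm/.xlsm/...) are ZIP containers; a VBA project
# is stored as a vbaProject.bin part and declared in [Content_Types].xml.
# Flagging its presence is a cheap, offline check, independent of macro content.

MACRO_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def has_vba_project(data: bytes) -> bool:
    """Return True if an OOXML document carries an embedded VBA project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return True
            if "[Content_Types].xml" in names:
                ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                return MACRO_CONTENT_TYPE in ctypes
    except zipfile.BadZipFile:
        pass  # not an OOXML container (e.g. legacy OLE .doc); out of scope here
    return False


def build_sample_docx(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-like ZIP, optionally with a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        parts = ['<Override PartName="/word/document.xml" ContentType="application/'
                 'vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>']
        if with_macro:
            parts.append(f'<Override PartName="/word/vbaProject.bin" ContentType="{MACRO_CONTENT_TYPE}"/>')
            # Placeholder bytes standing in for a real (compressed) VBA project.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
        zf.writestr("[Content_Types].xml", "<Types>" + "".join(parts) + "</Types>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


def triage_attachments(attachments: dict) -> list:
    """Return the names of attachments that should be held for analyst review."""
    return sorted(name for name, blob in attachments.items() if has_vba_project(blob))


if __name__ == "__main__":
    samples = {"invoice.docm": build_sample_docx(True), "agenda.docx": build_sample_docx(False)}
    print(triage_attachments(samples))  # ['invoice.docm']
```

Legacy binary formats (.doc/.xls) are OLE compound files rather than ZIPs and need a separate OLE parser; this check deliberately reports them as unflagged rather than guessing.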