Security Articles

Unknown China-Based APT Targeting Myanmarese Entities

released on 2020-07-01 @ 05:43:31 PM
Anomali Threat Research has identified malicious activity targeting entities based in Myanmar (Burma) that appears to have begun in March 2020; this is based on file names and payload compilation times. An unidentified Advanced Persistent Threat (APT), very likely China-based, is distributing Windows Shortcut (LNK) files that are being renamed and distributed to multiple targets, likely via spearphishing. Anomali Threat Research found these LNK files located inside multiple uniquely named RAR, TGZ, and ZIP files. The RAR and ZIP files are hosted on Google Drive; this is very likely a tactic to avoid antivirus detection. The group uses the PowerShell-based red-teaming tool Octopus for Command and Control (C2) communication.