Security Articles

Bellingcat Malware Investigation

released on 2024-04-01 @ 08:00:25 PM
The analysis covers an email campaign targeting the journalist group Bellingcat that delivers a malicious ZIP file and ultimately deploys an HTTP reverse shell. The infection chain consists of a malicious ZIP archive, a .lnk file masquerading as a PDF, and a PowerShell script that executes the reverse shell, which enables data exfiltration. The campaign is attributed to a Russia-nexus threat actor based on its consistent targeting of organizations critical of Russia.