Attacks targeting Russian military personnel and Russian telecoms employees through novel new, highly customised email campaigns using the headlines of credible Russian media articles are being used to deliver a variant of the remote access Trojan (RAT) known as PlugX according to new research from Proofpoint.

The attacker, believed to operate out of China, is sending spear-phishing emails with document attachments and URLs to RAR archive files hosted on deceptive domains. Users are being enticed to click and activate link payloads. Once enabled, the payload steals information and can laterally move within the targeted organisations.

More to follow.