Contents Introduction Key Targets Industries Affected Geographical focus Geopolitical Context Infection Chain Timeline of Activity Initial Findings Looking into the Decoy Documents Technical Analysis Stage 1 - Malicious Archive Delivery Stage 2 - Malicious Shortcut Execution Stage 3 - HOPPINGANT JavaScript Loader