Gamaredon, the Russia-backed advanced persistent threat (APT) actor that has been active since at least 2013, has reinforced its cyber warfare activities: a new surge of Gamaredon APT attacks targets the Ukrainian national security force with spear-phishing emails and introduces new variants of malware. The attached exploit document delivers an additional payload, and the spear-phishing email is marked as ‘clean’ by Kaspersky Secure Mail Gateway. The email header information further affirms that the threat actor is originating from Russia. The exploit document employs the template injection technique to install additional malware on the victim’s machine. Upon opening the document, it connects back to the attacker’s server to download the payload file.