Researchers observed an increase in the number of artifacts and victims involved in a campaign against Malaysian Government officials by a specific threat group. The group's motives are believed to be data theft and exfiltration. The group has leveraged previously compromised email addresses or email impersonation to send spear-phishing emails. The delivery method was spear-phishing emails with malicious attachments, although Google Drive has also been observed as a delivery method. The lures include pretending to be a journalist, an individual from a trade publication, or someone from a relevant military organization or non-governmental organization (NGO), and asking users to enable macros in a Microsoft document, which then extracts a malicious exe that downloads a loader.