Turla, a long operating advanced persistent threat group (APT) with presumed ties to the Russian government, appears to be actively targeting G20 participants and those interested in its activities. A new JavaScript dropper for a backdoor called KopiLuwak has been known to use. The dropper first surfaced in mid-July suggesting that the campaign is a new and potentially ongoing one, Proofpoint said in a blog post. Targets receive an email containing a benign decoy document inviting people to a G20 Digital Economy Taskforce meeting in Hamburg this October.”]
Source: https://www.darkreading.com/attacks-breaches/russian-speaking-apt-engaged-in-g20-themed-attack