Unit 42 discovered an attack campaign against at least one defense company in Russia and one unidentified organization in South Korea delivering a variant of Bisonal malware. The adversary behind these attacks lured the targets into launching the malware by masquerading it as a PDF file (using a fake PDF icon) and reusing publicly available data for the decoy PDF files' contents. To date, we have only collected 14 samples of this variant, indicating it may be sparingly used. We believe it is likely these tools are being used by one group of attackers.
Source: https://unit42.paloaltonetworks.com/unit42-bisonal-malware-used-attacks-russia-south-korea/

