Researchers have discovered a new wave of a malware campaign, believed to be run by an APT group, that uses the legitimate NSIS installer software to pack and launch shellcode on Windows. Analysing the structure of the NSIS installers, the researchers found the final payload located above the shellcode. They also found that the campaign uses Cobalt Strike, a utility used by professional pentesters that is sometimes abused by APT groups. Of the other payloads observed, the first is a backdoor that controls the infected machine over the VNC protocol; the second is ransomware that encrypts the victim's data and threatens to publish it.
Source: https://gbhackers.com/apt-hackers-abusing-microsoft-crypto-api/
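The summary above says the installers are NSIS packages with the final payload stored next to the shellcode, which is the kind of claim an analyst checks by parsing the installer rather than taking on trust. The following script is an added example (my code, not the researchers' tooling nor anything from the article): it locates the NSIS "firstheader" that NSIS appends to its stub executable (the 0xDEADBEEF signature followed by the 12-byte "NullsoftInst" magic, then the header and total data lengths), reports the flags, and then scans the data that follows for embedded MZ/PE images. The sample bytes are constructed inline (a fake stub, placeholder NOP bytes standing in for shellcode, and a fake PE blob); the interpretation of `length_of_all_following_data` as counting from the start of the firstheader is my reading of the NSIS source and is an assumption here.

```python
import struct
import sys

# NSIS firstheader: flags, siginfo (0xDEADBEEF), magic "NullsoftInst", length_of_header,
# length_of_all_following_data. 7 little-endian 32-bit fields = 28 bytes.
NSIS_SIG = b"\xEF\xBE\xAD\xDE" + b"NullsoftInst"
FIRSTHEADER_LEN = 28
FH_FLAGS = {1: "UNINSTALL", 2: "SILENT", 4: "NO_CRC", 8: "FORCE_CRC"}


def find_nsis_firstheader(data: bytes):
    """Locate the NSIS firstheader in an installer image; return a dict or None."""
    hit = data.find(NSIS_SIG)
    if hit < 4 or hit - 4 + FIRSTHEADER_LEN > len(data):
        return None
    start = hit - 4  # the flags field precedes the signature
    flags, _sig, _magic, header_len, total_len = struct.unpack_from("<II12sII", data, start)
    # Assumption: total_len is measured from the firstheader itself (incl. its 28 bytes).
    declared_end = start + total_len
    return {
        "firstheader_offset": start,
        "flags": [name for bit, name in FH_FLAGS.items() if flags & bit],
        "header_len": header_len,           # uncompressed size of the NSIS header block
        "total_len": total_len,             # declared size of all installer data
        "data_offset": start + FIRSTHEADER_LEN,
        "declared_end": declared_end,
        "fits_in_file": declared_end <= len(data),
    }


def carve_pe_images(data: bytes, start: int = 0):
    """Offsets of MZ headers whose e_lfanew points at a 'PE\\0\\0' signature."""
    found = []
    pos = data.find(b"MZ", start)
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            if 0x40 <= e_lfanew < 0x1000 and data[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\0\0":
                found.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return found


def _fake_pe(marker: bytes, size: int) -> bytes:
    """Constructed MZ/PE-shaped blob for the demo; not an executable."""
    img = bytearray(size)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)   # e_lfanew -> PE signature at 0x80
    img[0x80:0x84] = b"PE\0\0"
    img[0x100:0x100 + len(marker)] = marker
    return bytes(img)


# Constructed sample: stub PE, NSIS firstheader (NO_CRC set), placeholder "shellcode",
# then the "final payload" stored directly after it, as the write-up describes.
STUB = _fake_pe(b"installer stub", 0x400)
SHELLCODE = b"\x90" * 64 + b"\xCC"            # placeholder bytes, not real shellcode
PAYLOAD = _fake_pe(b"final payload", 0x200)
BODY = SHELLCODE + PAYLOAD
FIRSTHEADER = struct.pack("<II12sII", 0x4, 0xDEADBEEF, b"NullsoftInst", 0x1A4, FIRSTHEADER_LEN + len(BODY))
SAMPLE = STUB + FIRSTHEADER + BODY


def triage(data: bytes):
    """One-shot summary: NSIS header fields plus embedded PE offsets after the header."""
    fh = find_nsis_firstheader(data)
    if fh is None:
        return {"nsis": False, "embedded_pe": carve_pe_images(data)}
    fh["nsis"] = True
    fh["embedded_pe"] = carve_pe_images(data, fh["data_offset"])
    return fh


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, value in triage(blob).items():
        print(f"{key:>18}: {value}")
```

Run it on a real sample by passing the file path; with no argument it triages the constructed blob and reports the firstheader at 0x400, the NO_CRC flag, and one embedded PE after the placeholder shellcode. Real NSIS installers normally keep their data blocks compressed (zlib, bzip2 or LZMA), so the raw PE scan only catches payloads stored uncompressed; for the usual case, extract the installer with an NSIS-aware unpacker first and run the carver over the extracted files, and treat a `fits_in_file` of False as a sign of a truncated or tampered sample.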

