The FruityArmor APT group was using one of the Windows zero days patched by Microsoft last week to escape sandboxes and carry out targeted attacks. The vulnerability, CVE-2016-3393, stemmed from the way the Windows graphics device interface (GDI) component handled objects in memory. Microsoft said in bulletin MS16-120, which it marked critical, that an attacker could exploit the vulnerability in multiple ways: by tricking a user into opening a rigged document file, into clicking on a link, or into opening an attachment sent via email.
Source: https://threatpost.com/fruityarmor-apt-group-used-recently-patched-windows-zero-day/121398/

