A Korean threat actor, tracked as Higaisa, has been using malicious LNK files in recent attacks aimed at organizations that use the Zeplin collaboration platform. The group is believed to be a nation-state actor that has been active since at least 2016, but remained under the radar since 2019. The arsenal of the group includes common RAT such as Gh0st and PlugX that were employed in attacks against government officials and human rights organizations. Experts identified two variants of the attack between May 12 and May 31, using the Project link and New copyright policy.rar and CV_Colliers.rar.”]
Source: https://securityaffairs.co/wordpress/104469/apt/higaisa-hacking-group.html