The campaign was discovered by experts from Kaspersky Lab who speculate the attackers are financially motivated. The messages purported to be invitations to tender from large industrial companies. Attackers personalized the content of each phishing email reflecting the activity of the target organization and the type of work performed by the employee to whom the email is sent. Messages disguised as commercial offers where used by attackers to deliver a legitimate remote administration software on victims systems (TeamViewer or Remote Manipulator System/Remote Utilities)”]
Source: https://securityaffairs.co/wordpress/75033/hacking/industrial-sector-spear-phishing.html