The Higaisa APT is believed to be tied to the Korean peninsula. The group's activities go back to at least 2016 and include the use of Trojans such as Gh0st and PlugX. Its targets include government officials and human rights organizations, as well as other entities related to North Korea. The threat actors used a malicious LNK file bundled within an archive file, which was most likely distributed via spear-phishing. The LNK files are disguised as a Curriculum Vitae (CV) and IELTS exam results.
Source: https://blog.malwarebytes.com/threat-analysis/2020/06/higaisa/

