Bluenoroff, a subdivision of the North Korean-sponsored APT group Lazarus, recently turned its sights to Russian entities. A newly discovered campaign uses malicious Office documents specifically crafted to target Russian organizations. The documents serve as the initial infection stage, and the last stage drops the group’s KEYMARBLE backdoor Trojan. Lazarus (also known as HIDDEN COBRA, Guardians of Peace, ZINC, and NICKEL ACADEMY) became active in 2009.
Source: https://www.bleepingcomputer.com/news/security/north-korean-apt-lazarus-targets-russian-entities-with-keymarble-backdoor/

