Blog | G5 Cyber Security

Russian APT28 Hackers Using COVID-19 as Bait to Deliver Zebrocy Malware

Cybersecurity firm Intezer said the pandemic-themed phishing emails were used to deliver the Go version of the Zebrocy (or Zekapab) malware. The operation is linked to a sub-group of APT28 (aka Sofacy, Sednit, Fancy Bear, or STRONTIUM). The malware is delivered as part of a Virtual Hard Drive (VHD) file, which requires victims to use Windows 10 to access the files. The VHD file appears as an external drive containing two files, one of which is a PDF document that purports to contain presentation slides about Sinopharm International Corporation.

Source: https://thehackernews.com/2020/12/russian-apt28-hackers-using-covid-19-as.html
