The Russia-linked APT group delivers Cannon in a spear-phishing attack that targets government organizations in North America, Europe and in a former USSR state. Cannon acts as a downloader and relies on emails to communicate with the C2 server and receive instructions. The Cannon uses three accounts hosted at a Czech service provider called Seznam to send emails. The attackers used the email account sahrobella7[at]post.cz as a C2 point.”]
Source: https://securityaffairs.co/wordpress/78268/hacking/sofacy-apt-cannon.html