Russia-linked APT group Turla used new variants of KopiLuwak Trojan in targeted attacks since 2019. Turla APT has been active since at least 2007 targeting diplomatic and government organizations and private businesses in Middle East, Asia, Europe, North and South America and former Soviet bloc nations. Kaspersky published a detailed analysis of a new modular tool dubbed Topinambour (aka Sunchoke the Jerusalem artichoke) The tool is spread via tainted software installers, the dropper includes a tiny.NET shell that is used to deliver commands to the target machine.”]
Source: https://securityaffairs.co/wordpress/88520/apt/turla-apt-topinambour-trojan.html