VERY IMPORTANT

The Trellix Email Security Research Team has discovered a malicious campaign targeting government agencies of Afghanistan, India, Italy, Poland, and the United States since 2021. The attack starts with a spear phishing email with a geo-political theme. The spear phishing emails were themed around India Afghanistan relationship. Attacker used politics as a lure to trick users into clicking on a malicious link. The email used for this phishing attack contains an attachment or a weaponized URL that delivers an Excel sheet. Upon opening the Excel sheet, Excel executes an embedded malicious macro which then decrypts and installs a Remote Access Trojan (AysncRAT & LimeRAT) and maintains persistence.