A recently discovered phishing campaign is targeting European government personnel involved in managing the logistics of refugees attempting to enter the EU from Ukraine.
The hackers are using a possibly compromised Ukrainian armed service member's email account. The email had a malicious macro attachment that attempted to download SunSeed, a Lua-based malware.
Researchers stated that the phishing campaign might herald the next stage of attacks by UNC1151, a hacking group that has been linked to the Belarusian government.