Threat actors distributed phishing emails with malicious ZIP files containing a Word-spoofing LNK file purporting to be a list of individuals who committed remote control software regulation violations, which facilitates the deployment of a Microsoft binary and a DLL file concealing Cobalt Strike.
Article Link: Cobalt Strike deployment sought by covert China-targeted campaign | SC Media