Intrusions by UAC-0063 involved the initial compromise of an employee's email account to facilitate the delivery of the malware strains, with Cherryspy enabling Python code execution and Hatvibe allowing further compromise.
Article Link: New APT28-linked cyberespionage campaign hits Ukraine institutions | SC Media