Intrusions by Kimsuky involved spear-phishing emails that lured recipients into downloading ZIP files and extracting the malicious files inside, which facilitated deployment of the payloads. The payloads are suspected to be the work of the same author due to source code similarities.
Article Link: Novel payloads spread in Kimsuky attacks | SC Media