Before this most recent campaign, the hackers have been involved in other large-scale cyberespionage campaigns, ransomware campaigns, and even attacks against the cryptocurrency market. These latest attacks signal a change in direction. Researchers said they became aware of this campaign when they were called in to assist with incident response and discovered the organization had fallen victim to the ThreatNeedle backdoor. The initial infection occurs through spear-phishing, in which targets receive emails with malicious Word attachments or links to them hosted on company servers. These emails claim to have urgent updates on the coronavirus pandemic and appear to come from a respected medical center.