According to the IT security consultant, the initial intrusion chain begins with a spear-phishing email — an email that is designed to get the user to install a virus, trojan or other malware, reports Pentapostagma.

Often, the emails pretend to be from government agencies, and also come attached with a fake document — such as an IT return — and urges the user to download and open it, reports the news portal.

The firm even claimed that hackers would create fake websites that people working in the targeted organization would generally access.

“The email content attempts to lure the user into extracting the attached zip archive. Upon extraction, the user would see a document file which is in fact an extension spoofed LNK file which is usually seen as shortcuts,” the company said as quoted by the news portal.

“If the user opens the document, the LNK payload gets launched and initiates the malicious activities in the background. To ensure the user is not suspicious, a decoy document is presented to him/her,” it said.