From anomali.com
Based on a discovery in mid-February 2021, Anomali Threat Research assesses with low confidence that the APT cyberespionage group-for-hire Bahamut has been conducting malicious activity against multiple targets since at least June 4, 2020. While researching malicious files, our researchers analyzed a .docx file (List1.docx) that contained a shared bundled component with another .docx file that was communicating via template injection with lobertica.info, a domain previously attributed to Bahamut.[1] Further analysis of this file and the infection chain it follows is provided in subsequent sections below.