From bleepingcomputer.com
Threat actors ran a malvertising campaign on the Russian Yandex.Direct advertising network, starting in October 2018, to disseminate a malware cocktail designed to encrypt victims’ data and steal cryptocurrency.
The hacking group targeted Russian organizations using malicious payloads camouflaged as document templates and hosted on the GitHub code hosting platform. One of its goals was to steal sensitive cryptocurrency-related data.