CERT Polska Case Study of Malicious Actors
This group is active since at least 2013 and was responsible for multiple different malware campaigns in multiple different countries. Their main infection vector is phishing e-mails, which are designed to resemble tracking e-mails from different post offices around the world. This includes, among others, Poland, Australia, United Kingdom and Spain. The authors of this report are CERT Polska, it is the first Polish computer emergency response team.
The CERT Polska team operates within the structures of NASK (Research and Academic Computer Network) – a research institute which conducts scientific studies, operates the national .pl domain registry and provides advanced IT services.
More information and timeline of all of the campaigns are presented in CERT Polska report here - http://www.cert.pl/PDF/The_Postal_Group.pdf