Companies in the video game industry and possibly other sectors have been targeted in attacks involving improved variants of the notorious PlugX remote access trojan (RAT).

Palo Alto Networks has spotted several interesting PlugX samples believed to have been used by the same threat actor. While the company has not provided any details on the actor behind these attacks, PlugX has often been used by China-linked threat groups.

The attacks start with a malicious Word document named “New Salary Structure 2017.doc,” which exploits CVE-2017-0199, an Office vulnerability that has been used by several threat actors, including ones linked to China and Iran.