APT28 campaign targeting Polish government institutions
ID: b8e64ddd-225b-57b2-8c07-e7257ede9369
STIX ID: report--b8e64ddd-225b-57b2-8c07-e7257ede9369
Feed Name: CERT Polska
CERT Polska and CSIRT MON observed a large-scale phishing campaign, attributed to APT28, targeting Polish government institutions. The emails link through run.mocky.io and webhook.site to ZIP archives that contain a renamed copy of the Windows calculator executable together with a malicious WindowsCodecs.dll and BAT/VBS scripts. When the calculator is launched it side-loads the malicious DLL, which in turn runs the scripts; these fetch further payloads, collect system information and send the data to the C2 server. The report includes a technical analysis, recommended mitigations and an extensive list of IOCs (URLs and SHA256 hashes).
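The two observable patterns in that chain are a lure link to run.mocky.io or webhook.site and a ZIP whose members are a PE executable, a DLL named WindowsCodecs.dll and BAT/VBS scripts. The following triage script is an added example and is not CERT Polska's code; it flags both patterns on a ZIP and an email body that are constructed inline (the file names, the sample URLs and the PE stand-ins are invented for the demonstration and are not IOCs from the report). It recognises executables by their MZ header rather than by extension, so a renamed binary is still counted.

```python
import io
import os
import re
import zipfile
from urllib.parse import urlsplit

# Side-loadable DLL name and lure hosts taken from the report summary above.
SIDELOAD_DLLS = {"windowscodecs.dll"}
LURE_HOSTS = {"run.mocky.io", "webhook.site"}
SCRIPT_EXTS = {".bat", ".cmd", ".vbs"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def classify_members(zip_bytes):
    """Split archive members into PE executables, known side-load DLLs and scripts."""
    pes, dlls, scripts = [], [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            lower = info.filename.lower()
            base = os.path.basename(lower)
            ext = os.path.splitext(lower)[1]
            with zf.open(info) as fh:
                head = fh.read(2)  # "MZ" marks a PE file whatever its name
            if base in SIDELOAD_DLLS:
                dlls.append(info.filename)
            elif head == b"MZ":
                pes.append(info.filename)
            elif ext in SCRIPT_EXTS:
                scripts.append(info.filename)
    return pes, dlls, scripts


def assess_archive(zip_bytes):
    """Verdict: a PE next to a side-loadable DLL is the core pattern; scripts complete the chain."""
    pes, dlls, scripts = classify_members(zip_bytes)
    verdict = "clean"
    if pes and dlls:
        verdict = "sideload-chain" if scripts else "sideload-pair"
    return {"verdict": verdict, "executables": pes,
            "sideload_dlls": dlls, "scripts": scripts}


def flagged_links(text):
    """Return URLs whose host is one of the lure hosts (or a subdomain of one)."""
    hits = []
    for url in URL_RE.findall(text):
        host = (urlsplit(url).hostname or "").lower()
        if host in LURE_HOSTS or any(host.endswith("." + h) for h in LURE_HOSTS):
            hits.append(url)
    return hits


def build_sample_zip():
    """Constructed stand-in for the lure archive: names and contents are invented."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("dokument.exe", b"MZ" + b"\x00" * 62)        # renamed-calculator stand-in
        zf.writestr("WindowsCodecs.dll", b"MZ" + b"\x00" * 62)   # malicious DLL stand-in
        zf.writestr("update.bat", b"@echo off\r\n")
        zf.writestr("run.vbs", b"' constructed placeholder\r\n")
    return buf.getvalue()


def build_clean_zip():
    """Constructed benign archive for comparison."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4\n")
    return buf.getvalue()


# Constructed email body; the URLs are placeholders, not indicators from the report.
SAMPLE_MAIL = (
    "Please review the attached document: https://run.mocky.io/v3/example \n"
    "Background reading: https://example.org/report \n"
)

if __name__ == "__main__":
    print(assess_archive(build_sample_zip()))
    print(assess_archive(build_clean_zip()))
    print(flagged_links(SAMPLE_MAIL))
```

The verdict is deliberately a heuristic for mail-gateway or sandbox triage, not a replacement for matching the report's SHA256 and URL IOCs; a hit on "sideload-pair" or "sideload-chain" should be followed by hash comparison against the published list.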
