The threat group has been using a new initial access vector and a novel malware family in the first stages of its attack.