The DeathStalker advanced persistent threat (APT) group is using spear-phishing emails to target law firms and companies in the financial sector, according to Russian cybersecurity company Kaspersky. It also may be leveraging these cyberattacks to gather sensitive business data to offer hacking-for-hire services.Recent DeathStalker attacks involved the use of spear-phishing emails with attached archives containing a malicious LNK file, Kaspersky indicated. They enabled cybercriminals to execute PowerShell scripts and take control of victims' machines.During DeathStalker attacks, cybercriminals capture periodic screenshots from a victim's machine, Kaspersky noted. They also run tests to identify security tools on a victim's machine and update PowerShell scripts to avoid detection.In addition, the DeathStalker toolchain uses Reddit, Twitter, YouTube and other public services as "dead drop resolvers," Kaspersky stated. These services allow cybercriminals to store data at a fixed URL via public posts, comments, user profiles and content descriptions. DeathStalker has been linked to the Janicab and Evilnum malware families, Kaspersky pointed out. Furthermore, DeathStalker attacks have been ongoing since 2018, and some of these attacks may date back to 2012.