New research looks at a very crafty threat actor that specifically targets and compromises transport and logistics firms, then sends malware via existing email threads. They have custom social engineering too, appear to do their research on targets https://www.proofpoint.com/us/blog/threat-insight/security-brief-actor-uses-compromised-accounts-customized-social-engineering