UNC4990 is using booby-trapped USB storage devices and malicious payloads hosted on popular websites such as Ars Technica, Vimeo, GitHub and GitLab to surreptitiously deliver malware. Another interesting detail about UNC4990 it’s mostly targeting organizations located in Italy (particularly within the health, transportation, construction, and logistics sectors) and is likely based in that country, as well.

Source: Help Net Security