2023-04-04

Securonix cybersecurity experts say a group dubbed "TACTICAL#OCTOPUS" has been active ahead of the April 18 U.S. tax deadline, spreading malware via fake tax-related file downloads, reports The Record, a news site by cybersecurity firm Recorded Future. According to the researchers, the cybercriminals' campaign starts with emails that carry tax-related names and contain password-protected .zip files, each of which contains one image file and one .lnk file. The attackers achieve code execution once the victim opens the shortcut file, upon which a fake PDF file and other files are downloaded onto the target computer and opened in the default PDF viewer while the attackers begin their operation, which includes keystroke logging and clipboard data capture. Securonix noted that among the IP addresses linked to the campaign were two that are registered to Russia-based Petersburg Internet Network and one linked to Des Capital, a U.S. company. "Since all the samples that Securonix Threat Research identified are fairly recent, it's clear that this campaign is still ongoing," the researchers added.
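A mail-gateway or triage check for the attachment pattern described above, as an added example that is not code from Securonix or The Record: it reads a ZIP's central directory, which needs no password, and flags a password-protected archive holding exactly one image and one .lnk file. The function names, file names and sample archive are constructed for illustration, and the sample's encryption flag is set by hand because Python's `zipfile` cannot write encrypted archives.

```python
import io
import zipfile

IMAGE_EXT = (".png", ".jpg", ".jpeg", ".gif", ".bmp")  # assumed image types


def triage_zip(data: bytes) -> dict:
    """Inspect a ZIP's central directory; nothing is decrypted or extracted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        entries = [i for i in zf.infolist() if not i.is_dir()]
    names = [i.filename for i in entries]
    # General-purpose flag bit 0 marks an entry as encrypted (password-protected).
    encrypted = any(i.flag_bits & 0x1 for i in entries)
    lnk = [n for n in names if n.lower().endswith(".lnk")]
    images = [n for n in names if n.lower().endswith(IMAGE_EXT)]
    return {
        "encrypted": encrypted,
        "lnk_entries": lnk,
        "image_entries": images,
        # Reported pattern: protected archive with one image and one shortcut.
        "matches_reported_pattern": bool(
            encrypted and len(names) == 2 and len(lnk) == 1 and len(images) == 1
        ),
    }


def build_constructed_sample(mark_encrypted: bool = True) -> bytes:
    """Constructed archive: placeholder bytes and made-up file names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("tax_form_scan.png", b"placeholder")
        zf.writestr("tax_form_details.pdf.lnk", b"placeholder")
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        # Set flag bit 0 in each central directory header (signature PK\x01\x02,
        # flags at offset 8). The content itself stays unencrypted.
        pos = raw.find(b"PK\x01\x02")
        while pos != -1:
            raw[pos + 8] |= 0x01
            pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    print(triage_zip(build_constructed_sample()))
```

A shortcut file inside any emailed archive is worth flagging on its own; the full pattern match is the stricter signal.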