A variant of espionage malware that plagued government entities and other organizations across the globe has returned with a new toolset and a different set of victims.

MiniDuke, customized malware that previously took advantage of a patched Adobe Reader vulnerability, has been discovered by Kaspersky researchers to once again be active, only now attackers have created a variant of the malware.

Dubbed “CosmicDuke” or “TinyBaron,” the new backdoor is likely spread as an exploit attachment via spearphishing and spoofs popular applications such as Java, Google, and Adobe – mimicking attributes such as file size, information, and icons, Kurt Baumgartner, principal security researcher at Kaspersky Lab, told SCMagazine.com in an email correspondence.

Additionally, a new set of victims is being targeted.

“Some are clustered around controlled and illegal substances, and others are clustered around telecoms, government, military, and energy [sectors],” Baumgartner said.