An ongoing malicious email campaign that includes macro-laden files and multiple layers of obfuscation has been active since late December.
Threatpost