The threat actor TA415 is targeting U.S. economic policy experts with a sophisticated cyber espionage campaign that uses Visual Studio Code remote tunnels for long-term access. The attackers employ spear-phishing with malicious archives that launch a Python loader, which establishes a persistent backdoor connection and exfiltrates data through cloud services. In this evolved version of the technique, the malicious loader is embedded directly within the initial archive rather than fetched afterwards, increasing stealth and efficiency.
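For defenders, the durable signal in this chain is the VS Code CLI being started with its `tunnel` subcommand by a scripting host such as Python. The scorer below is an added example, not code from the report or from any vendor; it runs over constructed process-creation events (the paths, parent names and hostname are invented) and assumes only that the VS Code CLI binary is named `code`, `code.exe` or `code-tunnel.exe` and that `tunnel service install` registers the tunnel as a service.

```python
import re

# Constructed sample process-creation events (not real telemetry from the campaign).
SAMPLE_EVENTS = [
    {"parent": "explorer.exe", "image": r"C:\Program Files\Microsoft VS Code\Code.exe",
     "cmdline": '"Code.exe" --new-window C:\\projects\\app'},          # benign editor launch
    {"parent": "python.exe", "image": r"C:\Users\u\AppData\Local\Temp\code.exe",
     "cmdline": "code.exe tunnel --accept-server-license-terms --name wksta-01"},  # loader -> tunnel
    {"parent": "cmd.exe", "image": r"C:\Users\u\AppData\Local\Temp\code.exe",
     "cmdline": "code.exe tunnel service install"},                    # tunnel persisted as service
    {"parent": "outlook.exe", "image": r"C:\Python311\python.exe",
     "cmdline": "python.exe loader.py"},                               # loader itself, not a tunnel
]

# Basename of the VS Code CLI (assumption: code, code.exe or code-tunnel.exe).
VSCODE_IMAGE_RE = re.compile(r"(?:^|[\\/])code(?:-tunnel)?(?:\.exe)?$", re.IGNORECASE)
SCRIPT_HOSTS = {"python.exe", "python", "python3", "pythonw.exe", "cmd.exe",
                "powershell.exe", "wscript.exe", "cscript.exe"}

def score_event(ev):
    """Score one event; returns (score, reasons). 0 means it is not a tunnel launch."""
    if not VSCODE_IMAGE_RE.search(ev["image"]):
        return 0, []
    args = ev["cmdline"].lower().split()      # naive split; good enough for a subcommand check
    if "tunnel" not in args:
        return 0, []
    score, reasons = 50, ["VS Code CLI launched with the 'tunnel' subcommand"]
    if "service" in args and "install" in args:
        score += 30; reasons.append("tunnel registered as a service (persistence)")
    if ev["parent"].lower() in SCRIPT_HOSTS:
        score += 40; reasons.append(f"parent is a scripting host: {ev['parent']}")
    if "program files" not in ev["image"].lower():
        score += 20; reasons.append("binary outside the normal install path")
    return score, reasons

def find_tunnel_alerts(events, threshold=70):
    """Return [(score, reasons, event)] for events scoring at or above threshold, highest first."""
    hits = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append((score, reasons, ev))
    return sorted(hits, key=lambda h: -h[0])

if __name__ == "__main__":
    for score, reasons, ev in find_tunnel_alerts(SAMPLE_EVENTS):
        print(score, ev["cmdline"], "|", "; ".join(reasons))
```

Only the two tunnel launches are reported; the ordinary editor start and the bare Python loader score zero, so the rule keys on the persistence mechanism rather than on VS Code itself.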
Latest mentioned: 09-17
Earliest mentioned: 09-17