Security researchers have discovered a new cyberespionage activity targeting Asian governments, along with state-owned aerospace and defence companies, telecom companies, and IT organisations.

This activity is carried out by a distinct threat group previously associated with the 'ShadowPad' RAT (remote access trojan). Recently, the threat actor has used a much broader set of tools. The most current campaign appears almost entirely focused on Asian governments or public entities, such as the head of government/Prime Minister's office, government-owned aerospace and defence companies, state-owned media companies, etc.

Chinese hackers are most likely behind these espionage campaigns, but the evidence is not credible enough to make a certain conclusion.