Researchers at Sophos published on Tuesday their second report covering what they call Crimson Palace, a Southeast Asia-based espionage campaign run by Chinese state-backed hackers.
https://news.sophos.com/en-us/2024/09/10/crimson-palace-new-tools-tactics-targets/
Sophos examined activities last year by the three groups carrying out the campaign, but after a brief hiatus researchers saw renewed activity from two of them in the fall of 2023 and throughout this year.
https://therecord.media/chinese-hacking-groups-stole-from-se-asia
The three groups (which Sophos calls Cluster Alpha, Cluster Bravo and Cluster Charlie) each have ties to Chinese state-backed groups previously identified by other companies and governments, including APT15 and a subgroup of APT41 known by some researchers as “Earth Longzhi.”
https://therecord.media/tag/apt41
https://therecord.media/apt15-nickel-graphican-backdoor
The report follows up on one released in June about attacks on an unnamed government organization.