This threat actor has been active since mid-2017, targeting mainly health-care, media, telecommunications, and engineering organizations in Singapore, in addition to multinational companies with a presence in the country. The group has also targeted defense, telecommunications, and energy companies in Russia, the United Kingdom, and Southeast Asia. The group relies on a combination of custom malware, open-source hacking tools, and legitimate applications to achieve its goals.