APT trends report Q3 2021
2021-10-26 • Kaspersky
Our private report gave details about the various droppers along with decoder scripts, as well as analysis of the DStealer backdoor and the large infrastructure we observed associated with the campaign. Last year, we described a campaign attributed to CloudComputating in which the APT actor exploited a known vulnerability to compromise publicly exposed Microsoft Exchange servers and infected them with the China Chopper web shell. ESET published a blog post in June describing a campaign targeting foreign affairs ministries and telecoms companies in Africa and the Middle East by an actor they dubbed BackdoorDiplomacy and categorized as Chinese-speaking. During our previous analysis, we found multiple ties in infrastructure and TTPs to the ShadowPad malware and UNC2643 activity.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | quicktech.com | 2021-10-26 | 2021-10-26 |