Recent campaigns involved exploits against Exchange and MySQL servers. Group has heavy focus on telecoms sector.
Symantec, part of Broadcom Software, has linked the recently discovered Sidewalk backdoor to the China-linked Grayfly espionage group.
The malware, which is related to the older Crosswalk backdoor (Backdoor.Motnug) has been deployed in recent Grayfly campaigns against a number of organizations in Taiwan, Vietnam, the United States, and Mexico.
A feature of this recent campaign was that a large number of targets were in the telecoms sector.
The group also attacked organizations in the IT, media, and finance sectors.