An APT actor active since 2010 that launches information-stealing campaigns. By repackaging legitimate software installers and utilizing waterhole attacks, the group installs backdoors in targeted systems. The primary victims are organizations representing the industrial/machinery building sector of European countries, the US, China, and Japan.