Some hints suggest the group has been successful enough to have recently expanded its operations, perhaps after proving its effectiveness and the value of the data stolen.
This is quite worrying, especially given the fact that no 0 days or advanced techniques were used against such high profile targets.
Likely operating from India.
A threat actor targeting a variety of high-profile diplomatic and economic entities. They use a custom toolkit to deliver malware capable of stealing files and data. The victims are typically reached via spear-phishing or watering hole attacks.