A highly active threat actor engaged in gathering geo-political intelligence in Asia and primarily targeting government, civil, and military organizations from countries in the South China Sea. The attackers use a decoy Word document to download spyware—including their custom backdoor—on the victims’ computer without the victim becoming aware.