The Chinese cyber-espionage group dubbed ‘Thrip’ targets entities in Southeast Asia, including military, defense, telecom companies, satellite communications, media, and educational organizations.

Thrip threat actor group has been active since 2013 targeting organizations in Southeast Asia, Hong Kong, Macau, Indonesia, the Philippines, Malaysia, and Vietnam.
Researchers at Symantec first published details about Thrip in 2018 and has now confirmed that the group continues to target Southeast Asia.

In recent attacks, the group was spotted using a previously unseen backdoor dubbed ‘Hannotog’ and another backdoor dubbed ‘Sagerunex’. Thrip was also spotted using an info-stealer dubbed ‘Catchamas’.