The Chinese APT group Lotus Blossom intruded the tool’s internal systems to snoop on a limited set of users’ activities, according to researchers.

The trio, which share lineage with the more broadly defined Lazarus Group, are focused on espionage and cryptocurrency theft, according to CrowdStrike.

The vendors disclosed and patched the defects last summer, but not before advanced attackers exploited the vulnerabilities to likely gain prolonged access for espionage, according to Amazon.

The attacks, which involved fake job offers as a social engineering lure, were likely aimed at stealing proprietary information about drone manufacturing, ESET said in a report.

Phantom Taurus has stolen sensitive data from ministries of foreign affairs, embassies, diplomats and telecom networks in the Middle East, Africa and Asia, researchers said.

The agency, which issued an emergency directive to federal agencies Thursday, said it took months to determine the root cause and mitigate the activity.

The group, linked to FSB Center 16, has been scanning the internet for end-of-life software, which it has found in droves.

A researcher tells CyberScoop that up to 80% of enterprises could be vulnerable to the zero-day Microsoft patched in its June update.

The besieged security vendor maintains the latest exploited vulnerabilities in its products are entirely linked to unspecified security issues in open-source libraries. Some researchers aren’t buying it.

The successful break-up of DanaBot marks the second high-profile law enforcement disruption of a widespread malware operation in as many days.