In a blog post published on Tuesday, cybersecurity research and incident response company Mandiant said it became aware of the campaign in May 2021, when it was called in to investigate an attack on a U.S. state government network.

An analysis revealed that the attack had likely been carried out by a Chinese state-sponsored threat group known as APT41, Barium, Winnti, Double Dragon, Wicked Panda, and various other names. This prolific threat actor has conducted both cyberespionage operations and financially-motivated attacks, and is known for its sophisticated tools and techniques.