Multiple threat actors are suspected to be behind attacks focused on the Foreign Affairs office of an ASEAN member.
The adversaries likely took advantage of a flaw in an Internet-facing Microsoft Exchange server for initial access.
The DoorMe and SiestaGraph backdoors, along with a Cobalt Strike beacon and multiple Windows binaries, were used to move laterally, exfiltrate sensitive data, and perform reconnaissance.