PKPLUG: Researchers at the Palo Alto Unit 42 group have released what they are calling a playbook on the group PKPLUG, dating its attacks back almost six years. It is still not known whether the suspected Chinese-backed PKPLUG is a single threat actor or several groups sharing the same tactics, techniques, and procedures (TTPs). Nonetheless, PKPLUG is known for using malware and other known programs to create backdoors into its victims’ mobile devices and computers. The group is known to use the PlugX remote access trojan (RAT), Android malware called HenBox, the 9002 RAT, the Poison Ivy RAT, the Zupdax backdoor, and most recently a Windows backdoor called Farseer. The main targets for these attacks include people in Myanmar, Vietnam, Indonesia, Taiwan, Tibet, all the Mongolian countries, Xinjiang, and other provinces in southeast Asia that are of interest to the Government of China.