This is the APT41 / Barium / Winnti / Wicked Panda / Wicked Spider intrusion group https://twitter.com/TheJusticeDept/status/1306252806366662659
Some interesting points for infosec folks:
1) Very rapid turnarounds of publicly disclosed security exploits into active campaigns
2) Most of this group's activities were targeting IoT/router/VPN things that corps are less good at quickly patching
(+annotated)
Part of what makes this group "advanced" is leveraging compromises to enable further compromises and persistence. So here, for example: compromise victim #1, steal their code-signing certs, and push signed malware to that victim's targeted customers.
This is also a laundry list of many key problems for infosec:
1) Spear-phishing: still problematic
2) Supply-chain (malicious update) compromises
3) Breaking into corp networks via rapid-turnaround public bugs in unpatched IoT/VPN/routers and then pivoting to the internal network
You can follow @pwnallthethings.