APT 30 is another threat group that is suspected to be associated with the Chinese government
They have been active since at least 2008, and they mainly target government and private sector agencies in the South China Sea region
History
They use spear-phishing techniques to deliver malicious attachments or links to their victims
They have a variety of malware tools, such as BACKSPACE, FLASHFLOOD, NETEAGLE, SHIPSHAPE, and SPACESHIP, that allow them to collect, compress, encrypt, and exfiltrate data
They also use removable media, such as USB drives, to spread their malware and steal data from offline or air-gapped systems
They are interested in geopolitical, economic, and military information related to the South China Sea dispute, as well as the activities of media, journalists, and dissidents