https://arstechnica.com/information-technology/2019/09/advanced-hackers-are-infecting-it-providers-in-hopes-of-hitting-their-customers/

A previously undocumented attack group with advanced hacking skills has compromised 11 IT service providers, most likely with the end goal of gaining access to their customers' networks, researchers from security firm Symantec said on Wednesday.

The group, dubbed Tortoiseshell, has been active since at least July 2018 and has struck as recently as July of this year, researchers with the Symantec Attack Investigation Team said in a post. In a testament to Tortoiseshell’s skill, the new group used both custom and off-the-shelf hacking tools. At least two of the 11 compromises successfully gained domain admin level access to the IT providers’ networks, a feat that gave the group control over all connected machines.