Skilled hacking group with a focus on high-profile targets
https://www.bleepingcomputer.com/news/security/ghostemperor-hackers-use-new-windows-10-rootkit-in-attacks/
Chinese-speaking cyberspies have targeted Southeast Asian governmental entities and telecommunication companies for more than a year, backdooring systems running the latest Windows 10 versions with a newly discovered rootkit.
The hacking group, dubbed GhostEmperor by Kaspersky researchers who spotted it, use the Demodex rootkit, which acts as a backdoor to maintain persistence on compromised servers.