Malware samples using the Tawyna Grilth domains are tied to advanced persistent threat (APT) activity. But the researchers also found that “Tawnya’s” domain hosted a Black Hat search engine optimization service. Around 95 percent of the traffic on one of the malicious domains was traced to Vietnam. The attacks were targeting ministries and companies in Southeast Asia. The researchers also detailed in its Sin Digoo report a connection with the targeted attack on RSA that exposed its SecurID servers last year.”]
Source: https://www.darkreading.com/attacks-breaches/cybercriminal-by-day-cyber-spy-by-night-