Cyberespionage campaigns linked to China attacked telecoms via ProxyLogon bugs, stealing call records and maintaining persistence, as far back as 2017. Researchers have identified three clusters of attacks that show a common agenda but use different tactics as a means to accomplish it. The attacks show an aggressive assault by China on the security of critical infrastructure that similarly to the SolarWinds and Kaseya attacks compromise third-party service providers to ultimately attack their customers while undermining those trust relationships.
Source: https://threatpost.com/deadringer-targeted-exchange-servers-before-discovery/168300/