Chinese cyber-spies have engaged in a hacking spree that targeted at least four US think tanks and an additional two non-governmental organizations. The attacks started in late October and were carried out in a similar manner, by infecting targets and deploying the Mimikatz credentials harvester and China Chopper web shell on affected servers. Attackers collected the emails of employees, stole credentials, and deployed second-stage malware. Intruders also used malware to search and steal documents containing terms such as “china
Source: and eager lion (codename of a US military exercise)”