Experts analyzed tools and intrusion methods used by the China-linked cyber-espionage group Emissary Panda in attacks over the past 2 years. The group was involved in cyber espionage campaigns aimed at new generation weapons and in surveillance activities on dissidents and other civilian groups. The cyber spies delivered the threat in multiple ways, including malicious Word documents leveraging Dynamic Data Exchange (DDE), manual deployment via stolen credentials, or via a redirect from a strategic web compromise (SWC). Experts observed that the group usually returns to compromised networks every three months to verify that it can still access them and that its web shells are working correctly.
Source: https://securityaffairs.co/wordpress/81805/apt/emissary-panda-attacks.html