A newly discovered threat group that security researchers call TortoiseShell is compromising IT providers in what seems to be supply-chain attacks intended to reach the network of specific customers. Most of the targets are based in Saudi Arabia and in at least two cases there are enough clues to conclude that the attacker had privileges of a domain administrator, which come with access to all systems on the network. The most recent time the threat group was seen active is two months ago, in July. The group relies on both custom and ready-made malware for their operations.
Source: https://www.bleepingcomputer.com/news/security/new-tortoiseshell-group-hacks-11-it-providers-to-reach-their-customers/