A threat actor with suspected ties to Pakistan has been striking government and energy organizations in the South and Central Asia regions to deploy a remote access trojan on compromised Windows systems. Most of the organizations that exhibited signs of compromise were in India, and a small number were in Afghanistan. The group has been careful to hide their activity by modifying the registry keys, granting them the ability to surreptitiously maintain persistence on the target device without attracting attention. The covert operation is said to have begun at least in January 2021.
Source: https://thehackernews.com/2021/06/pakistan-linked-hackers-targeted-indian.html