ESET malware researchers Matthieu Faou and Francis Labelle say that the group has been running cyber-espionage campaigns since at least 2011. XDSpy s main interest is in the Eastern Europe and Balkans regions (Belarus, Moldova, Russia, Serbia, and Ukraine), targeting primarily government agencies (military, Ministries of Foreign Affairs), although private companies are also among its victims. In more recent operations, the actor exploited a vulnerability in Internet Explorer (CVE-2020-0968 – patched in April) on which little was known at the time and no proof-of-concept exploit code existed.
Source: https://www.bleepingcomputer.com/news/security/xdspy-cyber-espionage-group-operated-discretely-for-nine-years/