Recently, there was a blog post on the takedown of a botnet used by the threat actor group known as Group 72 and their involvement in Operation SMN. This group is sophisticated, well funded, and exclusively targets high-profile organizations with high-value intellectual property in the manufacturing, industrial, aerospace, defense, and media sectors. The primary attack vectors are watering-hole, spear-phishing, and other web-based attacks.
More here: http://blogs.cisco.com/security/talos/opening-zxshell/