The China-linked threat actor Earth Estries has been targeting telecommunications companies and government networks in Southeast Asia and beyond, using sophisticated malware such as the newly discovered GHOSTSPIDER backdoor and MASOL RAT. Active since at least 2020, the group has compromised over 20 entities across industries such as technology, consulting, and government, affecting victims in over a dozen countries, including the U.S., India, and Malaysia. Earth Estries exploits known security flaws in products such as Ivanti Connect Secure, Fortinet, and Microsoft Exchange to gain initial access, then deploys advanced malware, including the Demodex rootkit and Deed RAT. The group's operations demonstrate a high degree of sophistication, using multi-modular implants, stealthy techniques, and distinct command-and-control infrastructures to enable long-term cyber espionage. These attacks underscore China's evolving cyber capabilities, which are shifting toward bulk data collection and prolonged targeting of telecoms and service providers.