We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China.
Article Link: Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC | Trend Micro (US)