Symantec Threat Intelligence reported this on 19 May, 2020:
…
The “Greenbug” espionage group is actively targeting telecommunications companies in South Asia, with activity seen as recently as April 2020.There are indications that at least one of the companies was first targeted as early as April 2019.
Email appears to be the initial infection vector used by the group. Greenbug is using a mixture of off-the-shelf tools and living-off-the-land techniques in these attacks. It appears the group is interested in gaining access to database servers; we see it stealing credentials then testing connectivity to these servers using the stolen credentials.
…