“APT17 is a Chinese threat group that has been targeting United States government organizations, the military, law firms, defense contractors, IT firms, mining companies, and NGOs. One of the tools leveraged by the group is BLACKCOFFEE, a backdoor that can be used to upload and download files, create a reverse shell on the infected system, enumerate files and processes, manipulate files, and terminate processes.”
Source: Chinese Threat Group Uses Microsoft’s TechNet Portal to Host C&C IPs | SecurityWeek.Com