Those forced intruder actors have been at this game a long time. I infiltrated a number of them (their private forums/sites) back when on 98 to XP. Simply because they kept me up nights on end every single month when I was Mod in a popular global security forum (think adaware) and with another expert far greater talented, we both helped users who came limping in with infected machines. And the greater percentage of those tampered machines all had some up-to-date AV, but little matter. The other side was always picking every piece of code and file action they could muster to ride under AV's radar. They was successful then, and apparently they now have even more experience to build on to carry out new techniques to some success even today.
Android, macOS Versions of GravityRAT Spyware Spotted in Ongoing Campaign October 19, 2020 https://www.securityweek.com/android-macos-versions-gravityrat-spyware-spotted-ongoing-campaign Kaspersky: GravityRAT: The spy returns