BSides Canberra 2025

Picking Flowers and Maybe Chaos
2025-09-25, Main Track

This talk will provide the researcher's insight into a South-East Asia botnet operator and its correlation with an ongoing campaign of large-scale espionage conducted via disassociated operational collection infrastructure. The group is a highly organised, long-term state actor operating as a disassociated data and network service technology provider. It maintains and provides access to a large-scale botnet comprised of compromised Small Office/Home Office (SOHO) routers and Virtual Private Servers that route and tunnel victim traffic through layers of network obfuscation and relaying infrastructure. The infrastructure is leveraged to support a variety of malicious activities, including espionage and network attacks, for multiple threat actors. Their operations and the maintenance of their infrastructure demonstrate a sophisticated understanding of network infrastructure, custom malware development, and resilient C2 methodologies.

A Security Engineer with Advanced Practices at Google. He primarily supports frontline intelligence operations and incident response investigations.