Kaspersky researchers discovered QSC, a multi-plugin malware framework used by the CloudComputating group in cyber espionage campaigns. QSC consists of a Loader, Core module, Network module, File Manager module, and Command Shell module, allowing attackers to load specific plugins on demand. The framework was deployed alongside a new Golang-based backdoor called GoClient. Attackers used stolen domain admin credentials to move laterally and deploy QSC on other machines within compromised networks. The campaigns targeted telecommunication companies in South and West Asia, with attackers collecting system information, accessing domain controllers, and exfiltrating sensitive data.