An amalgam of multiple state-sponsored threat groups from China may have been behind a string of targeted attacks against Russian federal executive authorities in 2020. Group-IB detected overlaps between new founded malware 'Webdav-O', popular Trojan called "BlueTraveller" and a malware strain named "Albaniiutas". Experts are asking questions - can it be that there is one group behind the development or different, but pursuing the same goals?