Kaspersky Lab on Friday posted about an advanced threat actor – dubbed ‘Animal Farm' – that has been active since at least 2009 and has been observed exploiting zero-day vulnerabilities.

Kaspersky Lab observed Animal Farm using tools known as Bunny, Dino, Babar, NBot, Tafacalou and Casper to compromise targets in Syria, Iran and Malaysia. Victims were additionally identified in the U.S., China, Turkey and a variety of other locations.

The group has targeted government organizations, military contractors, humanitarian aid organizations, private companies, journalists and media groups, and activists, according to the post, which credits Cyphort, G-DATA and ESET with their own individual research on the group.

Citing documents leaked by Edward Snowden and published by Der Spiegel in January, the posts noted that a French intelligence agency is suspected of carrying out the operations.