Symantec researchers announced the discovery of a new espionage group they nicknamed Thrip in a blog post Tuesday afternoon.

The details: Thrip appears to be launched from systems in China and targets satellite communications, geospatial imaging systems, military and telecoms in the U.S. and Asia.

Thrip has been active since at least 2013.

The group initially used custom malware but adjusted to a technique known as "living off the land" — using common free tools with legitimate uses that do not draw suspicion. It still uses several pieces of custom malware against high priority systems.

Symantec is crediting an artificial intelligence threat-tracking system for discovering Thrip — it flagged an irregular use of one of these tools.

Correction: This post originally reported the group's nickname, incorrectly, as "Thirp."