@tek In 2019 we wrote something about them. Don't ask me why but it seems the link to our research is dead now, but you can find it here https://web.archive.org/web/20190719200241/https://blog.trendmicro.com/trendlabs-security-intelligence/spam-campaign-targets-colombian-entities-with-custom-proyecto-rat-email-service-yopmail-for-cc/

At the time, we stated the following: "Our findings indicate that the campaign appears to be the work of a group involved in business email compromise (BEC) or cybercrime, and unlikely to be an advanced persistent threat (APT)."
Part of this assessment comes from the targeted verticals: "Notably, we noticed that multiple employee savings funds (called “Fondo de empleados” in Colombia) were targeted. These entities barely have access to sensitive information, but they are likely to possess a reasonable amount of money."

I have not followed the group then (only a quick follow up in 2021 https://www.trendmicro.com/en_us/research/21/i/apt-c-36-updates-its-long-term-spam-campaign-against-south-ameri.html )

We did not perform incident response on this, so we could still be wrong. Hope this helps