Threat Research

    A state-sponsored threat cluster tracked as CL-STA-1087, suspected to be linked to China, has conducted a long-term cyber espionage campaign targeting military organizations in Southeast Asia since at least 2020. The attackers focused on collecting sensitive intelligence related to military capabilities, organizational structures, and cooperation with Western armed forces....
    Since at least 2020, we have observed a cluster of activity targeting high-value organizations across South, Southeast, and East Asia. The attacks focus on critical sectors including aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications. This ongoing and previously undocumented activity is being tracked as CL-UNK-1068....
    Operation highlights how the Chinese-linked threat actor Ink Dragon is expanding and refining its cyber-espionage campaigns. The group has shifted increased attention toward European government targets while maintaining activity in Southeast Asia and South America....
    LongNosedGoblin is a newly identified China-aligned APT group focused on cyberespionage against governmental institutions in Southeast Asia and Japan. Active since at least September 2023, the group leverages Windows Group Policy to deploy malware and move laterally within compromised networks, while using cloud services like OneDrive and Google Drive for command-and-control....
    Silent Lynx is an espionage-driven APT group known for spear-phishing campaigns impersonating government officials to target Central Asian, Russian, and Southeast Asian entities. Recent analysis shows the group’s slow tactical evolution, using fake RAR archives and malicious .NET implants, while making operational errors that exposed new infrastructure....