Asian State-Backed Group TGR-STA-1030 Targets 70 Government and Infrastructure Entities
Summary
A previously undocumented cyber espionage group, TGR-STA-1030, has breached at least 70 government and critical infrastructure organizations across 37 countries over the past year. The group, assessed to be of Asian origin, leverages phishing emails and exploits N-day vulnerabilities to deploy malware and maintain long-term access for espionage purposes. Targets include national law enforcement, ministries of finance, and departments related to economic, trade, natural resources, and diplomatic functions. The group uses a variety of tools, including Cobalt Strike, Behinder, and a Linux kernel rootkit named ShadowGuard.
Timeline
- 06.02.2026 14:07: TGR-STA-1030 Compromises 70 Government and Infrastructure Entities
- Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities — thehackernews.com — 06.02.2026 14:07
Information Snippets
- TGR-STA-1030 has compromised 70 government and critical infrastructure organizations across 37 countries.
  First reported: 06.02.2026 14:07 (1 source, 1 article)
- The group has been active since January 2024 and is assessed to be of Asian origin.
  First reported: 06.02.2026 14:07 (1 source, 1 article)
- Phishing emails are used to deliver a ZIP archive containing the Diaoyu Loader malware.
  First reported: 06.02.2026 14:07 (1 source, 1 article)
- The malware employs a dual-stage execution guardrail to evade sandbox analysis.
  First reported: 06.02.2026 14:07 (1 source, 1 article)
- The group exploits N-day vulnerabilities in software from Microsoft, SAP, Atlassian, Ruijieyi Networks, Commvault, and Eyou Email System.
  First reported: 06.02.2026 14:07 (1 source, 1 article)
- Tools used by the group include Cobalt Strike, Behinder, Godzilla, and a Linux kernel rootkit named ShadowGuard.
  First reported: 06.02.2026 14:07 (1 source, 1 article)