Find notable cyber news and cases, enriched with sources, timelines, and signals.

CL-UNK-1068 Asia critical-infrastructure cyberespionage campaign

Campaign
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

The CL-UNK-1068 espionage campaign is active across Asia, putting aviation, energy, government, law enforcement, pharmaceuticals, technology, and telecommunications organizations at sustained risk. The operators use web server exploitation, web shells, and living-off-the-land binaries to gain footholds and stay hidden. Their tradecraft supports credential theft, lateral movement, and data exfiltration across Windows and Linux environments.

Related Happenings

SprySOCKS Windows backdoor activity against government organizations

Malware Activity
H score23 First: 16.06.2026 12:00 Last: 16.06.2026 12:00 Sources 1

About this happening: **SprySOCKS** now has documented **Windows variants**, **WIN_DRV** and **WIN_PLUS**, expanding a toolset first known as a **Linux-only backdoor**. The activity is tied to **govern...

Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery

Security Tool/Service
H score58 First: 08.04.2026 12:16 Last: 08.04.2026 12:16 Sources 1

About this happening: **Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...

Latest development: 03.06.2026 14:00

President Donald Trump signed a June 2 executive order that sets up a voluntary framework for developers of covered frontier models to give the US government access for cybersecurity review for up to 30 days before release, while expressly rejecting any mandatory licensing or preclearance requirement. The order directs NSA, CISA, and NIST to build a classified benchmark for determining which models cross the covered threshold and creates an AI cybersecurity clearinghouse led by the Treasury Department. The framework closely echoes Anthropic's Project Glasswing, which gives vetted partners early access to Claude Mythos Preview to scan critical software for vulnerabilities.

CL-STA-1087 Southeast Asian military intelligence-collection campaign

Campaign
H score32 First: 13.03.2026 19:33 Last: 13.03.2026 19:33 Sources 1

About this happening: A **suspected China-based** espionage operation tracked as **CL-STA-1087** is targeting **Southeast Asian military organizations**, creating a sustained intelligence-collection ri...

CL-UNK-1068 years-long espionage campaign targeting Asian organizations

Campaign
H score38 First: 09.03.2026 09:21 Last: 09.03.2026 09:21 Sources 1

About this happening: A **Chinese threat actor** is linked to a **years-long espionage campaign** against **high-value organizations in South, Southeast, and East Asia**, creating persistent risk for c...

Transparent Tribe AI-assisted implant campaign targeting India

Campaign
H score32 First: 06.03.2026 17:11 Last: 06.03.2026 17:11 Sources 1

About this happening: **Transparent Tribe (APT36)** is using **AI-powered coding tools** to mass-produce disposable implants in an active **campaign** targeting the **Indian government**, its embassies...

Timeline

  1. 09.03.2026 14:05 2 articles · 4mo ago

    CL-UNK-1068 targets Asian critical infrastructure with cross-platform espionage tooling

    Campaign Scope Update

    Palo Alto Networks Unit 42 describes CL-UNK-1068 as a Chinese-speaking threat cluster that has targeted aviation, energy, government, law enforcement, pharmaceuticals, technology, and telecommunications organizations across South, Southeast, and East Asia since at least 2020, using web-server exploitation, GodZilla Web shell, AntSword, Mimikatz, LsaRecorder, DumpIt, Volatility Framework, modified Fast Reverse Proxy (FRP), Xnote Linux backdoor, and custom Windows and Linux tooling to steal credentials, move laterally, persist, and exfiltrate data.

    Show sources