CL-UNK-1068 Asia critical-infrastructure cyberespionage campaign
Campaign
Summary
The CL-UNK-1068 espionage campaign is active across Asia, putting aviation, energy, government, law enforcement, pharmaceuticals, technology, and telecommunications organizations at sustained risk. The operators use web server exploitation, web shells, and living-off-the-land binaries to gain footholds and stay hidden. Their tradecraft supports credential theft, lateral movement, and data exfiltration across Windows and Linux environments.
Related Happenings
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/Service
First: 08.04.2026 12:16
Last: 08.04.2026 12:16
Sources 1
About this happening:
**Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Latest development: 23.05.2026 14:55
Anthropic said Project Glasswing has uncovered more than 10,000 high- or critical-severity vulnerabilities across widely used software since the program launched last month, including 6,202 high/critical flaws affecting more than 1,000 open-source projects, 1,726 validated true positives, 1,094 high/critical flaws, a critical WolfSSL flaw tracked as CVE-2026-5194 with CVSS score 9.1, 97 upstream patches, and 88 advisories.
CL-STA-1087 Southeast Asian military intelligence-collection campaign
Campaign
First: 13.03.2026 19:33
Last: 13.03.2026 19:33
Sources 1
About this happening:
A **suspected China-based** espionage operation tracked as **CL-STA-1087** is targeting **Southeast Asian military organizations**, creating a sustained intelligence-collection ri...
CL-UNK-1068 years-long espionage campaign targeting Asian organizations
Campaign
First: 09.03.2026 09:21
Last: 09.03.2026 09:21
Sources 1
About this happening:
A **Chinese threat actor** is linked to a **years-long espionage campaign** against **high-value organizations in South, Southeast, and East Asia**, creating persistent risk for c...
Transparent Tribe AI-assisted implant campaign targeting India
Campaign
First: 06.03.2026 17:11
Last: 06.03.2026 17:11
Sources 1
About this happening:
**Transparent Tribe (APT36)** is using **AI-powered coding tools** to mass-produce disposable implants in an active **campaign** targeting the **Indian government**, its embassies...
World Leaks RustyRocket malware activity
Malware Activity
First: 12.02.2026 15:30
Last: 12.02.2026 15:30
Sources 1
About this happening:
The **World Leaks** extortion group has added **RustyRocket**, a new **Rust** malware that helps it maintain **persistence** and **exfiltrate data** from victim networks. The tool...
Timeline
- 09.03.2026 14:05 · 2 articles · 2mo ago
CL-UNK-1068 targets Asian critical infrastructure with cross-platform espionage tooling
Campaign Scope Update
Palo Alto Networks Unit 42 describes CL-UNK-1068 as a Chinese-speaking threat cluster that has targeted aviation, energy, government, law enforcement, pharmaceuticals, technology, and telecommunications organizations across South, Southeast, and East Asia since at least 2020, using web-server exploitation, GodZilla Web shell, AntSword, Mimikatz, LsaRecorder, DumpIt, Volatility Framework, modified Fast Reverse Proxy (FRP), Xnote Linux backdoor, and custom Windows and Linux tooling to steal credentials, move laterally, persist, and exfiltrate data.
Sources:
- Chinese Cyber Threat Lurks In Critical Asian Sectors for Years — www.darkreading.com — 09.03.2026 14:05