CL-UNK-1068 Asia critical-infrastructure cyberespionage campaign
Campaign
Summary
Hide ▲
Show ▼
The CL-UNK-1068 espionage campaign is active across Asia, putting aviation, energy, government, law enforcement, pharmaceuticals, technology, and telecommunications organizations at sustained risk. The operators use web server exploitation, web shells, and living-off-the-land binaries to gain footholds and stay hidden. Their tradecraft supports credential theft, lateral movement, and data exfiltration across Windows and Linux environments.
Related Happenings
SprySOCKS Windows backdoor activity against government organizations
Malware Activity
H score23
First: 16.06.2026 12:00
Last: 16.06.2026 12:00
Sources 1
About this happening:
**SprySOCKS** now has documented **Windows variants**, **WIN_DRV** and **WIN_PLUS**, expanding a toolset first known as a **Linux-only backdoor**. The activity is tied to **govern...
SprySOCKS Windows backdoor activity against government organizations
Malware ActivityAbout this happening: **SprySOCKS** now has documented **Windows variants**, **WIN_DRV** and **WIN_PLUS**, expanding a toolset first known as a **Linux-only backdoor**. The activity is tied to **govern...
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/Service
H score58
First: 08.04.2026 12:16
Last: 08.04.2026 12:16
Sources 1
About this happening:
**Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/ServiceAbout this happening: **Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Latest development: 03.06.2026 14:00
President Donald Trump signed a June 2 executive order that sets up a voluntary framework for developers of covered frontier models to give the US government access for cybersecurity review for up to 30 days before release, while expressly rejecting any mandatory licensing or preclearance requirement. The order directs NSA, CISA, and NIST to build a classified benchmark for determining which models cross the covered threshold and creates an AI cybersecurity clearinghouse led by the Treasury Department. The framework closely echoes Anthropic's Project Glasswing, which gives vetted partners early access to Claude Mythos Preview to scan critical software for vulnerabilities.
CL-STA-1087 Southeast Asian military intelligence-collection campaign
Campaign
H score32
First: 13.03.2026 19:33
Last: 13.03.2026 19:33
Sources 1
About this happening:
A **suspected China-based** espionage operation tracked as **CL-STA-1087** is targeting **Southeast Asian military organizations**, creating a sustained intelligence-collection ri...
CL-STA-1087 Southeast Asian military intelligence-collection campaign
CampaignAbout this happening: A **suspected China-based** espionage operation tracked as **CL-STA-1087** is targeting **Southeast Asian military organizations**, creating a sustained intelligence-collection ri...
CL-UNK-1068 years-long espionage campaign targeting Asian organizations
Campaign
H score38
First: 09.03.2026 09:21
Last: 09.03.2026 09:21
Sources 1
About this happening:
A **Chinese threat actor** is linked to a **years-long espionage campaign** against **high-value organizations in South, Southeast, and East Asia**, creating persistent risk for c...
CL-UNK-1068 years-long espionage campaign targeting Asian organizations
CampaignAbout this happening: A **Chinese threat actor** is linked to a **years-long espionage campaign** against **high-value organizations in South, Southeast, and East Asia**, creating persistent risk for c...
Transparent Tribe AI-assisted implant campaign targeting India
Campaign
H score32
First: 06.03.2026 17:11
Last: 06.03.2026 17:11
Sources 1
About this happening:
**Transparent Tribe (APT36)** is using **AI-powered coding tools** to mass-produce disposable implants in an active **campaign** targeting the **Indian government**, its embassies...
Transparent Tribe AI-assisted implant campaign targeting India
CampaignAbout this happening: **Transparent Tribe (APT36)** is using **AI-powered coding tools** to mass-produce disposable implants in an active **campaign** targeting the **Indian government**, its embassies...
Timeline
-
09.03.2026 14:05 2 articles · 4mo ago
CL-UNK-1068 targets Asian critical infrastructure with cross-platform espionage tooling
Campaign Scope UpdatePalo Alto Networks Unit 42 describes CL-UNK-1068 as a Chinese-speaking threat cluster that has targeted aviation, energy, government, law enforcement, pharmaceuticals, technology, and telecommunications organizations across South, Southeast, and East Asia since at least 2020, using web-server exploitation, GodZilla Web shell, AntSword, Mimikatz, LsaRecorder, DumpIt, Volatility Framework, modified Fast Reverse Proxy (FRP), Xnote Linux backdoor, and custom Windows and Linux tooling to steal credentials, move laterally, persist, and exfiltrate data.
Show sources
- Chinese Cyber Threat Lurks In Critical Asian Sectors for Years — www.darkreading.com — 09.03.2026 14:05
- Chinese Cyber Threat Lurks In Critical Asian Sectors for Years — www.darkreading.com — 09.03.2026 14:05