CL-UNK-1068 years-long espionage campaign targeting Asian organizations
Campaign
Summary
A Chinese threat actor is linked to a years-long espionage campaign against high-value organizations in South, Southeast, and East Asia, creating persistent risk for critical sectors. The operation, tracked as CL-UNK-1068, has hit aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications organizations. Attackers used web-server exploitation, web shells, lateral movement, and credential theft to maintain access and steal sensitive files. The activity includes data exfiltration and is assessed as primarily driven by cyber espionage.
Related Happenings
MuddyWater Microsoft Teams social-engineering campaign with Chaos ransomware decoy
Campaign
First: 06.05.2026 16:02
Last: 06.05.2026 16:02
Sources 1
About this happening:
The **MuddyWater** campaign used **Microsoft Teams** social engineering and a **Chaos ransomware** decoy to gain access, steal credentials, and establish persistence. The operatio...
Ministry of Justice and Legal Affairs of Oman hit by network compromise
Incident
First: 06.05.2026 16:00
Last: 06.05.2026 16:00
Sources 1
About this happening:
The **Ministry of Justice and Legal Affairs of Oman** suffered an **active intrusion** that exposed **session logs** and **more than 26,000 user records**, raising risk to judicia...
SHADOW-EARTH-053 China-aligned espionage campaign against Asian government and defense targets
Campaign
First: 01.05.2026 17:02
Last: 01.05.2026 17:02
Sources 1
About this happening:
**SHADOW-EARTH-053** is running an active **China-aligned espionage campaign** against **government and defense** targets across **South, East, and Southeast Asia** and **Poland**...
Silk Typhoon / Hafnium coordinated intelligence-gathering campaign
Campaign
First: 27.04.2026 22:56
Last: 27.04.2026 22:56
Sources 1
About this happening:
The **Silk Typhoon / Hafnium** operation is tied to a **coordinated intelligence-gathering campaign** spanning **February 2020 to June 2021**, underscoring a sustained espionage e...
Latest development: 28.04.2026 15:30
US officials described Silk Typhoon/Hafnium activity from February 2020 to June 2021 as a coordinated intelligence-gathering campaign that targeted US universities and COVID-19 researchers, including a Texas university network, and later expanded into Microsoft Exchange Server vulnerability exploitation. The operation reportedly used stolen mailbox access to search for vaccines, treatments, and testing research, and the FBI said the campaign affected more than 12,700 US organizations.
Xu Zewei extradited for U.S. cyberespionage prosecution
Law Enforcement
First: 27.04.2026 22:56
Last: 27.04.2026 22:56
Sources 1
About this happening:
**Xu Zewei** was **extradited from Italy to the United States** to face criminal charges in a **cyberespionage** case tied to **China's MSS**. The move expands the legal exposure...
Timeline
09.03.2026 09:21 · 2 articles
CL-UNK-1068 campaign disclosed by Palo Alto Networks Unit 42
Initial Disclosure
Palo Alto Networks Unit 42 attributes a years-long campaign to a previously undocumented threat activity group called CL-UNK-1068, saying a Chinese threat actor targeted high-value organizations in South, Southeast, and East Asia across aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors. The activity uses web-server exploitation, web shells, lateral movement, DLL side-loading through python.exe and pythonw.exe, FRP, Xnote, Godzilla, ANTSWORD, WinRAR, certutil -encode, and credential theft tools such as Mimikatz, LsaRecorder, DumpItForLinux, Volatility Framework, and the SQL Server Management Studio Password Export Tool, with Unit 42 assessing cyber espionage as the primary objective.
Sources
- Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure — thehackernews.com — 09.03.2026 09:21