China-Linked APT Targets Southeast Asian Militaries with AppleChris and MemFun Malware
Summary
A China-linked cyber espionage operation, tracked as CL-STA-1087, has targeted Southeast Asian military organizations since at least 2020. The campaign, characterized by strategic patience and precision intelligence collection, uses custom malware such as AppleChris and MemFun to maintain persistent access and evade detection. The attackers focus on military capabilities, organizational structures, and collaborative efforts with Western forces. The malware employs advanced techniques such as DLL hijacking, process hollowing, and sandbox evasion to avoid detection. The campaign uses Pastebin and Dropbox for command-and-control (C2) communication, with some variants using Pastebin as a fallback. The threat actors also use a custom version of Mimikatz, named Getpass, to extract credentials and escalate privileges.
Timeline
- 13.03.2026 19:33 (1 article): China-Linked APT Targets Southeast Asian Militaries with AppleChris and MemFun Malware
  - Source: Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware — thehackernews.com — 13.03.2026 19:33
Information Snippets
- The campaign, tracked as CL-STA-1087, is linked to a China-based APT group. (First reported: 13.03.2026 19:33; 1 source, 1 article)
- The attackers use custom malware including AppleChris, MemFun, and Getpass. (First reported: 13.03.2026 19:33; 1 source, 1 article)
- The malware employs advanced techniques such as DLL hijacking and process hollowing. (First reported: 13.03.2026 19:33; 1 source, 1 article)
- The campaign dates back to at least September 2020, with Pastebin pastes used for C2 communication. (First reported: 13.03.2026 19:33; 1 source, 1 article)
- The attackers focus on military capabilities, organizational structures, and collaborative efforts with Western forces. (First reported: 13.03.2026 19:33; 1 source, 1 article)