CL-STA-1087 Southeast Asian military intelligence-collection campaign

Campaign
First reported
Last updated
Happening score
H score 34
1 unique source, 1 article

Summary

A suspected China-based espionage operation tracked as CL-STA-1087 is targeting Southeast Asian military organizations, creating a sustained intelligence-collection risk that has persisted since at least 2020. The operation matters because it focuses on highly specific military files and uses covert access techniques to keep long-term footholds. Researchers linked the cluster to Pastebin- and Dropbox-based command-and-control (C2) resolution, which points to a disciplined operator setup. The intrusion chain includes PowerShell execution, reverse shells, and DLL hijacking to support persistence and stealth.

Related Happenings

ModeloRAT malicious PowerShell and Dropbox delivery activity

Malware Activity
First: 14.05.2026 15:12 Last: 14.05.2026 15:12 Sources 1

About this happening: The **ModeloRAT** activity now uses a **malicious PowerShell command** and a **Dropbox ZIP payload** to gain persistent footholds, enabling **system reconnaissance**, **screenshot...

SHADOW-EARTH-053 China-aligned espionage campaign against Asian government and defense targets

Campaign
First: 01.05.2026 17:02 Last: 01.05.2026 17:02 Sources 1

About this happening: **SHADOW-EARTH-053** is running an active **China-aligned espionage campaign** against **government and defense** targets across **South, East, and Southeast Asia** and **Poland**...

CL-UNK-1068 Asia critical-infrastructure cyberespionage campaign

Campaign
First: 09.03.2026 14:05 Last: 09.03.2026 14:05 Sources 1

About this happening: The **CL-UNK-1068** espionage campaign is active across **Asia**, putting **aviation, energy, government, law enforcement, pharmaceuticals, technology, and telecommunications** or...

CL-UNK-1068 years-long espionage campaign targeting Asian organizations

Campaign
First: 09.03.2026 09:21 Last: 09.03.2026 09:21 Sources 1

About this happening: A **Chinese threat actor** is linked to a **years-long espionage campaign** against **high-value organizations in South, Southeast, and East Asia**, creating persistent risk for c...

TGR-STA-1030/UNC6619 Shadow Campaigns espionage operation

Campaign
First: 07.02.2026 17:09 Last: 07.02.2026 17:09 Sources 1

About this happening: The **TGR-STA-1030/UNC6619** operation **Shadow Campaigns** expanded a state-sponsored espionage effort that compromised **at least 70 organizations** across **37 countries**, inc...

Timeline

  1. 13.03.2026 19:33 2 articles · 2mo ago

    Unit 42 discloses CL-STA-1087 campaign against Southeast Asian military organizations

    Initial Disclosure

    Palo Alto Networks Unit 42 disclosed a suspected China-based cyber espionage campaign, tracked as CL-STA-1087, targeting Southeast Asian military organizations and focused on highly specific military intelligence collection rather than bulk theft. The reported activity included suspicious PowerShell execution followed by reverse shells to a threat actor-controlled C2 server, with tooling that included the AppleChris and MemFun backdoors and the Getpass credential harvester. Researchers also described Pastebin- and Dropbox-based C2 resolution, DLL hijacking, process hollowing, sandbox evasion, and collection of files related to military capabilities, organizational structures, and C4I systems.
