
CL-STA-1062 Southeast Asia critical infrastructure campaign using TinyRCT

Campaign
H score 32
1 unique source, 1 article

Summary


A China-linked campaign by CL-STA-1062 is targeting government entities and critical infrastructure across Southeast Asia, creating sustained compromise risk for multiple regional organizations. The activity has been active since at least March 2022 and was still being observed throughout 2025. The operation reached state-owned enterprises in the energy and government sectors, with likely compromises in several organizations. The actors also introduced the TinyRCT backdoor to support persistent access, command execution, and exfiltration.

Related Happenings

TinyRCT backdoor with persistence, exfiltration, and self-deletion

Malware Activity
H score 22 · First: 26.06.2026 13:30 · Last: 26.06.2026 13:30 · Sources: 1

How related: Additionally, the threat group used TinyRCT for the first time, a previously undocumented backdoor designed to provide persistent access and control over compromised systems.

About this happening: The **TinyRCT** backdoor appeared in a **2025** intrusion operation, adding stealthy **persistent access** and **control** to the attackers' toolkit. It also supports **command ex...

Webworm multi-country targeting campaign against government and enterprise victims

Campaign
H score 38 · First: 20.05.2026 15:51 · Last: 20.05.2026 15:51 · Sources: 1

About this happening: **Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...

Red Menshen telecom espionage campaign

Campaign
H score 33 · First: 26.03.2026 19:40 · Last: 26.03.2026 19:40 · Sources: 1

About this happening: A **China-nexus** **Red Menshen** operation has sustained **covert access** in **telecom networks** across the **Middle East and Asia**, increasing the risk of **government espion...

UNC2814 multi-country cyber espionage campaign

Campaign
H score 25 · First: 25.02.2026 19:46 · Last: 25.02.2026 19:46 · Sources: 1

About this happening: The **UNC2814** espionage campaign was disrupted after it was tied to breaches at **53 organizations** across **42 countries**, reducing infrastructure used for long-term access a...

TGR-STA-1030/UNC6619 Shadow Campaigns espionage operation

Campaign
H score 30 · First: 07.02.2026 17:09 · Last: 07.02.2026 17:09 · Sources: 1

About this happening: The **TGR-STA-1030/UNC6619** operation **Shadow Campaigns** expanded a state-sponsored espionage effort that compromised **at least 70 organizations** across **37 countries**, inc...

Timeline

  1. 25.06.2026 03:00 2 articles · 1d ago

    Unit 42 uncovers CL-STA-1062 campaign targeting Southeast Asian critical infrastructure

    Initial Disclosure

    Palo Alto Networks Unit 42 identified a China-linked campaign by CL-STA-1062 targeting government entities and critical infrastructure in Southeast Asia, including state-owned enterprises in the energy and government sectors. The researchers said the activity had been active since at least March 2022, was observed throughout 2025, and involved the previously undocumented TinyRCT backdoor alongside SoftEther VPN, Mimikatz, and VNT.
