
Threats Tagged 'cl-sta-1062'

CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure

Throughout 2025, Chinese-speaking threat actors tracked as CL-STA-1062 conducted extensive operations against government entities and critical infrastructure in Southeast Asia, specifically targeting state-owned enterprises in energy and government sectors. Active since March 2022, this cluster was previously identified as UAT-7237 in campaigns against Taiwan's web hosting infrastructure. The attackers employ a hybrid toolkit combining open-source tools like SoftEther VPN, Mimikatz, and VNT with a newly discovered custom backdoor called TinyRCT. This .NET-based backdoor provides capabilities including arbitrary command execution, file enumeration and exfiltration, screen capture, and self-destruct mechanisms. The infection chain typically begins with web application exploitation deploying ASPX web shells, followed by credential dumping, lateral movement, and data exfiltration. Between October and December 2025, at least ten organizations across Southeast Asia were compromised, demonstrating sustained regio...
