A state-aligned cyber group from Asia has compromised government and critical infrastructure organizations across 37 countries in an ongoing espionage campaign, compromising at least 70 organizations and maintaining access for months, as reported by The Register.The group, tracked as TGR-STA-1030 by Palo Alto Networks Unit 42, targeted entities including national police, border control, parliaments, senior elected officials, and telecommunications companies. Sensitive data, such as financial negotiations, banking information, and military updates, was exfiltrated from victim email servers. The attackers utilized phishing emails and exploited known vulnerabilities in Microsoft Exchange, SAP, and Atlassian products. They also developed a new Linux kernel rootkit called ShadowGuard for stealthy operations and leveraged geopolitical events, like the US government shutdown and meetings involving the Dalai Lama, to inform their reconnaissance and targeting strategies against government infrastructure in the Americas, Europe, Asia, and Africa.The extensive reach and sophisticated methods employed by TGR-STA-1030 highlight a significant and persistent threat to national security and critical services globally. Agencies like CISA are actively tracking the group and collaborating with international partners to detect and mitigate these threats.Source: The Register
Threat Intelligence, Critical Infrastructure Security
State-aligned global espionage campaign hits 70 organizations

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



