Malware, Threat Intelligence, Government security

China-linked groups conduct sophisticated cyber espionage against Southeast Asian government

China map outline, flag colors red, yellow glowing. Futuristic circuit board digital technology backdrop. High-tech data streams, innovation, modern design, connectivity global network.

Security Affairs reports that multiple China-linked threat groups executed a complex cyber campaign against a Southeast Asian government in 2025, employing a diverse array of malware and advanced techniques to achieve persistent access and exfiltrate sensitive data.

The campaign involved three distinct clusters: Mustang Panda (Stately Taurus), active from June to August; CL-STA-1048, overlapping with Earth Estries (Salt Typhoon) and Crimson Palace from March to September; and CL-STA-1049, associated with Unfading Sea Haze, active in April and August. Attackers deployed numerous malware families, including HIUPAN, PUBLOAD, EggStremeFuel, MASOL RAT, PoshRAT, TrackBak Stealer, Hypnosis Loader, and FluffyGh0st.

Mustang Panda notably utilized the USBFect worm to propagate PUBLOAD via infected USB drives, enabling lateral movement and data exfiltration. Other clusters employed multi-payload strategies and stealthy DLL sideloading techniques to maintain access and evade detection.

Source: Security Affairs

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds