Security Affairs reports that multiple China-linked threat groups executed a complex cyber campaign against a Southeast Asian government in 2025, employing a diverse array of malware and advanced techniques to achieve persistent access and exfiltrate sensitive data.The campaign involved three distinct clusters: Mustang Panda (Stately Taurus), active from June to August; CL-STA-1048, overlapping with Earth Estries (Salt Typhoon) and Crimson Palace from March to September; and CL-STA-1049, associated with Unfading Sea Haze, active in April and August. Attackers deployed numerous malware families, including HIUPAN, PUBLOAD, EggStremeFuel, MASOL RAT, PoshRAT, TrackBak Stealer, Hypnosis Loader, and FluffyGh0st.Mustang Panda notably utilized the USBFect worm to propagate PUBLOAD via infected USB drives, enabling lateral movement and data exfiltration. Other clusters employed multi-payload strategies and stealthy DLL sideloading techniques to maintain access and evade detection.Source: Security Affairs
Malware, Threat Intelligence, Government security
China-linked groups conduct sophisticated cyber espionage against Southeast Asian government

(Adobe Stock)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



