logo

TinyRCT Backdoor Gives CL-STA-1062 Command Execution and File Exfiltration Capabilities

ID: c9a8ea01-0c86-536d-8d3e-c9437fa67848

STIX ID: report--c9a8ea01-0c86-536d-8d3e-c9437fa67848

Feed Name: Cyber Press

Threat Score
85/100

Date Published: 2026-06-26

Date Updated: 2026-06-26

Author: Varshini

...
...

This report describes a 2025 APT campaign by CL-STA-1062 targeting government and energy organizations in Southeast Asia that used exploited web applications to deploy ASPX web shells, open-source tunneling tools disguised as legitimate binaries, and a newly identified custom remote access Trojan called TinyRCT for stealthy data theft, lateral movement, and persistent access; the report includes technical TTPs and multiple SHA256 IoCs tied to the activity.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.