China-Linked Group Targets Southeast Asia Critical Systems
ID: c386e96f-bfed-56da-b4c9-f6b84e72b48b
STIX ID: report--c386e96f-bfed-56da-b4c9-f6b84e72b48b
Feed Name: Dark Reading
Palo Alto Networks Unit 42 reports that a China-linked APT, CL-STA-1062 (likely same as Cisco Talos' UAT-7237), has targeted electricity, water, government and military organizations in Southeast Asia using a novel, stealthy C# RAT named TinyRCT. The implant includes anti-analysis and self-destruct features, masquerades as legitimate binaries (e.g., PerfWatson2.exe), and supports remote command execution, fingerprinting and exfiltration; researchers observed lateral movement and persistence but limited evidence of OT-specific payloads, leaving open whether the group performs espionage end-to-end or serves as an initial-access broker.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
